THE USENIX ASSOCIATION NEWSLETTER 



OCTOBER 1995 • VOLUME 20 • NUMBER 5 


FROM THE EDITOR 

Wherein RBK’s Eyes Are Opened „. 3 

USENIX NEWS 

1996 USENIX Nominating Committee. 5 

President’s Letter.,. 6 

Report on the USENIX Conference on 
Object-Oriented Technologies by Nayeem Islam 6 
Status Update on PGP and Legal Actions 

by Greg Rose .9 

Call for Nominations for Two Awards. 9 

SAGE NEWS 

From the SAGE Editor. 10 

Top 10 Tools for Lonely Sys Admins 

by Ken Mayer . 11 

The Seminar by John Sellens . 12 

Monitoring Users’ Idle Time by Kent Arnott ... 13 
Results of the 1995 SANS Survey 

by Eric Anderson . 13 

A Secure Rsh Replacement by Shawn Instenes 19 
What’s Up on the Tel Front? by John SchimmeHO 

Opinion: Professionalism by Paul Evans . 21 

Call for Nominees for Election to SAGE 

Board of Directors by Pat Wilson . 22 

Community News: A New Form of 
Professional Recognition by Paul Evans . 22 


FEATURES 

A Practical Guide to Internationalization, 

Part 2: Using National Characters in Hardware 


and Applications by Michael Gschwind .23 

What We Mean by Trust by Jon Finke .29 

Web Designer Notes by Dave Taylor . 31 

Musings by Rik Farrow ... 34 

Impact by Scott Hazen Mueller . 35 

USA Wins Medals At Computer Olympics 
In The Netherlands by Don Piele . 37 


CONTENTS 


STANDARDS REPORTS 

An Update on Standards Relevant to 

USENIX Members by Nicholas Stoughton . 38 

Information Infrastructure by Jim Isaak .42 

BOOK REVIEWS 

The Bookworm by Peter H. Salus .44 

The Object Advantage: Business Process 
Reengineering With Object Technology — 

Reviewed by George W. Leach. 46 

Tel and the Tk Toolkit - 

Reviewed by Henry Spencer.47 

The Cartoon Guide to Statistics - 

Reviewed by Henry Spencer.48 

The Craft of Software Testing: Subsystem Testing 
Including Object-Based and Object-Oriented 

Testing - Reviewed by Bob Birss.49 

Expert C Programming: Deep C Secrets - 
Reviewed by Rob Kolstad.49 

ANNOUNCEMENTS & CALLS 

1995 USENIX Technical Conference.50 

Tcl/Tk ‘96.53 

UNIX Security ‘96.55 

LISA ‘96.57 

coots ‘96. 59 

osdi‘96.61 

sans ‘96.63 

ETC- 

Book Publishers Discount Order Forms.. 65 

Subscription Order Form.75 

Local User Groups.76 

Calendar of Events.78 


The UNIX and Advanced Computing Systems 
Professional and Technical Association 
















































; login: is the official newsletter of the 
USENIX Association. 

• ;login: (ISSN 1044-6397) Volume 20, 
Number 5 (October 1995) is published 
bimonthly by the USENIX Association, 

2560 Ninth Street, Suite 215, 

Berkeley, CA 94710. 

• $24 of each member’s annual dues is for an 
annual subscription to ;Iogin:. Subscriptions 
for nonmembers are $50 per year. 

• Second-class postage paid at Berkeley, CA 
and additional offices. 

• POSTMASTER: Send address changes to 
;login:, USENIX Association, 2560 Ninth 
Street, Suite 215, Berkeley, CA 94710. 

Editorial Staff 

• Rob Kolstad, Editor 
<JtolsiGd@use nix.org> 

• Tina Darmohray, SAGE Editor 
<tmd@tisemx. org> 

• Nick Stoughton, Standards Report Editor 
<nick@use nix. org> 

■ Carolyn S. Can, Managing Editor 
<carolyn@usenix.org> 

• Rhea Gossett, Proofreader 

Membership and Publications 

USENIX Association 
2560 Ninth Street, Suite 215 
Berkeley, CA 94710 
Phone: 510 528 8649 
Fax: 510 548 5738 
Email: <office@usenix.org> 

Contributions Solicited 

You are encouraged to contribute articles, book 
reviews, and announcements to ;login:. Send 
them via email to <login@usenix.org> or 
through the postal system to the Association 
office. Send SAGE material to <tmd@ 
usenix.org>. The Association reserves the right 
to edit submitted material. Any reproduction of 
this newsletter in its entirety or in part requires 
the permission of the Association and the 
author(s). 

© 1995 USENIX Association. USENIX is a 
registered trademark of the USENIX Associa¬ 
tion. UNIX is a registered trademark in the 
United States and other countries, licensed 
exclusively through X/Open Company 
Limited. The Association acknowledges all 
other trade references made herein. 

;login: is produced with Framemaker 4.0 soft¬ 
ware provided by Frame Technology and dis¬ 
played on an NCD X Terminal, donated by 
Network Computing Devices. The system is 
served by a Sun SPARCsystem 10 server. Final 
output is created by a 600 dpi QMS 860 laser 
printer, donated by Quality Micro Systems. The 
newsletter is printed on recycled paper, 


SAVE 


THESE 


DATES! 


Upcoming USENIX Events 


USENIX 1996 Technical Conference 

January 22-26,1996, San Diego Marriott Hotel & Marina, San Diego, CA 

Program Chair Bob Gray, US WEST 

Invited Talks Co-ordinators: Mary Baker, Stanford University and Ed Gould, Digital 
Equipment Corporation 

Camera-ready Papers Due: November 14,1995 


5th UNIX System Administration, Networking, and Security 
Symposium (SANS V) 

May 13-17,1996, Washington, DC 

Sponsored by the Open Systems Conference Board in cooperation with SAGE, FedUNIX, 
and the Escal Institute 

Program Chairs: Rob Kolstad, BSDI and Michelle Crabb, NASA Ames Research Center 

Extended Abstracts Due: November 17,1995; Notification to Authors: December20,1995; 
Camera-ready Papers Due: February 24,1996 


2nd Conference on Object-Oriented Technologies and Systems 
(COOTS) 

June 17-21,1996, Toronto, Canada 

Program Chain Douglas C. Schmidt, Washington University 

Tutorial Program Chain Doug Lea, SUNY Oswego 

Tutorial Submissions Due: February 7,1996; Paper Submissions Due: February 13,1996; 
Notification to Authors: March 5,1996; Camera-ready Papers Due: May 17,1996 


4th Annual Tcl/Tk Workshop '96 

July 10-13,1996, Doubletree Hotel, Monterey, California 

Program Chairs: Mark Diekhans, The Santa Cruz Operation, Inc Mark Roseman, 

University of Calgary 

Paper and Demo Submissions Due: March 5,1996; Notification to Authors: April 16,1996; 
Camera-ready Papers Due: May 28,1996 


6th USENIX UNIX Security Symposium 

July 22-25.1996, Fairmont Hotel, San Jose, California 
Sponsored by the USENIX Association. Co-sponsored by UniForum (pending) in 
cooperation with The Computer Emergency Response Team (CERT), and IFIP WG 11.4 
Program Chain Greg Rose, Sterling Software 

Extended Abstracts Due: March 19,1996; Papers Selected: April 15,1996; Camera-ready 
Papers Due: June 10,1996 

10th USENIX Systems Administration Conference (USA *96) 

September 30-0ctober 4,1996, Chicago Marriott, Chicago, Illinois 

Co-sponsored by USENIX and SAGE, the System Administrators Guild 

Program Chairs: Helen Harrison, SAS Institute; Amy Kreiling, University of North Carolina 

Extended Abstracts Due: May 7,1996; Notification to Authors: June 11,1996; Final Papers 
Due: August 15,1996 

2nd USENIX Symposium on Operating Systems Design and 
Implementation (0SDI) 

October 29-November 1,1996, Seattle, Washington 
Co-sponsors ACM SIG0PS (pending) and IEEE TC0S 

Program Chairs: Karin Petersen, Xerox PARC, Willy Zwaenepoel, Rice University 

Full Papers Due: May 7,1996; Notification to Authors: July 30,1996; Revised Papers Due 
for Shepherding: August 19,1996; Camera-ready Full Papers Due: September 16,1996 

For more information about USENIX and its events, access the USENIX Resource Center on the World Wide Web. 
The URL is http://www.usenix.org. 





















































































FROM THE EDITOR 


USENIX BOARD OF DIRECTORS 


Wherein RBK’s Eyes Are Opened 

Most of you know that I am currently the president of Berkeley Software 
Design, Inc. (BSDI). I’ve always considered myself an engineer with a bent 
toward management and working with people. BSDI is a startup company 
whose mission is to sell operating system and utility software with the flavor of 
‘Berkeley UNIX Systems’ into markets where that makes sense (e.g., network 
servers, embedded systems, application servers). 

In the sense of UNIX systems and their related engineering practices, I grew up 
with USENIX over the last 15 years or so. I have been fairly committed to a 
number of the best ideas that have been championed by typical (e.g., technical) 
attendees of USENIX conferences and the companies that we all might have felt 
were “USENIX-type companies” (e.g., my ex-employers, Convex Computer 
Corp. and Sun Microsystems). I bought into ‘open systems’ and have enjoyed 
‘The UNIX Philosophy’ (in an incredibly large number of its purported forms) 
over the last decade. I have enjoyed technology and its advances and feel that, 
on a good day, I can make a fairly rational decision about the various good and 
bad points of a system (i.e., an amalgam of a large number of technical compo¬ 
nents). 

In my role as BSDI president, I occasionally join our top-notch sales force mem¬ 
bers as they deal with potential clients. Lately, I have learned a tremendous 
amount about sales people in general, having hired a highly respected vice pres¬ 
ident who understands negotiating, money, and dealing with customers. 

Sales people are interesting in many ways. First of all (and not surprisingly), 
they are not typically motivated by neat technological twists. They are, more 
often, motivated by the sweet scent of money. In my role as signer-of-checks at 
BSDI, I feel that the sales people provide an incredibly valuable complementary 
service to the engineers who create our fine products and the others who manu¬ 
facture and deliver them. They bring in the revenue. 

I have learned that sales people are by no means ignorant or unintelligent, as 
they are too often portrayed in engineering caricature (e.g., Dilbert). They are 
sensitive to customers’ needs and think in terms of a large (sometimes global!) 
community of customers who might themselves be competitors and who have a 
large variety of options in our complex world. They understand multiple levels 
of sales channels and how to find the person in an organization who really makes 
decisions about purchasing products. As a small surprise to me, purchasing deci¬ 
sions for products are rarely made on those products’ technical merits alone or 
even in large part. I already knew that the people making the purchase decisions 
are not necessarily technical people, but the small degree of technical influence 
was still a surprise to me. 

I accompanied our large account sales person to a Fortune 500 company that 
wanted to use computers to reduce the amount of paper their company uses 
(sorry I can’t be more specific). We dealt with one of their lead technical people 
who had been transferred from a large data processing center in the UK to lead 
up several client-server projects in the US. I also visited a dual-account (their 


Communicate directly with the USENIX 
Board of Directors, by writing to <board@ 
usenix.org >. 

President: 

• Stephen C. Johnson <scj@usenix.org> 

Vice President: 

• Eric Allman < eric@usenix.org> 

Secretary: 

• Lori Grob <grob@usenix.org> 

Treasurer: 

• Rick Adams <rick@usenix.org> 

Directors: 

• Tom Christiansen <tchrist@usenix.org> 

• Dan Geer <geer@usenix.org> 

• Andrew Hume <andrew@usenix.org> 

• Greg Rose <ggr@usenix.org> 

Executive Director: 

• Ellie Young <ellie@usenix.org> 

CONFERENCES & SYMPOSIA 

• Judith F. DesHamais 
Conference Coordinator 
USENIX Conference Office 
22672 Lambert Street, Suite 613 
Lake Forest, CA 92630 
Telephone: 714 588 8649 
FAX: 714 588-9706 

Email: <conference@usenix.org> 

• Zanna Knight 

Vendor Displays, Marketing 
Email: <display@usenix.org> 

• Daniel V. Klein 
Tutorial Coordinator 
Telephone: 412 421 2332 
Email: <dvk@usenix.org> 

WWW URL: http:llwww.usenix.org 

Automatic Information Server 

To receive information electronically about 
upcoming USENIX symposia & conferences, 
finger <info@usenix.org> and you will be 
directed to the catalog which outlines all avail¬ 
able information about USENIX services. 

Supporting Members 

ANDATACO 

Frame Technology Corporation 
GraphOn Corporation 
Matsushita Electric Industrial Co., Ltd. 
Sun Microsystems, Inc., 

SunSoft Network Products 
Tandem Computers, Inc. 

UUNET Technologies, Inc. 

The closing dates for submissions to 
the next two issues of ;login: are 
October 11 and December 13, 1995. 


October 1995 ; login : 3 


FROM THE EDITOR 


company had just split into two) who wished to provide a 
WWW reservations service for their industries. 

Among the first few things that came across was that none 
of these people were those who attend USENIX conferences 
to learn and see the latest and greatest technologies. Shortly 
thereafter I was struck with the forceful blow of realizing 
that they didn’t need to come to USENIX conferences to see 
the latest and greatest technologies because they were more 
up-to-date in many areas than either my sales person or I 
was. Furthermore, they were able to use that information to 
keep discussions at a fairly high level - almost a building- 
block approach to what I perceive to be very technical prob¬ 
lems. They had no compunctions about mixing equipment 
from dozens of different vendors and were well versed in all 
the trade-offs and costs. 

My biggest surprise was that the cost of equipment (soft¬ 
ware and hardware) was not a primary consideration in 
choosing a solution to their problems. Neither was techno¬ 
logical efficiency. Elegance was never discussed. Their 
solutions needed to be practical and available in a near-term 
timeframe. They were acutely aware of cost-of-ownership 
issues and what their real problems were. They were ‘on top 
of’ their problems in a major way. 

‘We really need to be able to put your systems into our 
offices that are run by technically unsophisticated users,” 
one technical officer told me. “We hope you can make the 
add_user command much simpler, maybe with a graphic 
interface.” Finally, I thought, a way to understand why peo¬ 
ple are always demanding GUI-this and GUI-that for the 
simplest of interfaces. 

I remarked that our add_user command is already simple as 
pie. One need only answer a few questions, like the user’s 
name and login ID. 

“But it’s not graphical,” he rejoined. 

I professed that I didn’t see the benefit of putting those self 
same questions on a blue background and slowing the 
whole process by forcing people to use a mouse (hands off 
the keyboard and all that). 

‘That’s not the issue,” he calmly replied. ‘It’s comfort. They 
are not comfortable with anything but a Windows-style blue 
background interface with a simple click here and a simple 
click there for simple functions.” He continued on that 
sophisticated functions would be handled by his administra¬ 
tion staff at corporate headquarters, but that simple func¬ 
tions were to be performed locally by staff that was 
uncomfortable with anything but Windows-style interfaces. 

What a revelation this was! The interfaces don’t have to be 
particularly functional, efficient, or powerful. The key point 


that I derived from this conversation was: Big companies 
who wish to use technology are doing everything they can 
to minimize or eliminate training costs while empowering 
employees throughout their organization - with ever- 
decreasing levels of technological sophistication. To that 
end, their employees have become familiar with certain sets 
of menu-based interfaces (“you have three choices at this 
juncture, choose one”) and can perform their job function 
without major training expense and generally without 
requiring the assistance of a sophisticated UNIX system 
administrator, for example. 

The coupling of ‘comfort’ with ‘cost of ownership’ and 
applicability throughout an organization was a big surprise 
to me. Basically, what these different sets of customers 
wanted was a system that was tailorable to perform techni¬ 
cally complex operations under the covers, but had a user 
interface whose complexity - and functionality - was com¬ 
parable to that of an alarm clock or microwave oven. 

And why not? These users’ goals are very different from 
those of, say, systems programmers. They only need to look 
up a reservation record or route an item from manufacturing 
to shipping. They don’t need to create reports with typeset 
tables or digitize speech and video. The technology imple¬ 
mentors only want to ease or facilitate the repetitive or 
error-prone parts of people’s jobs, so they can perform the 
other parts with greater ease and efficiency. 

So now I get to retool my thinking about what kinds of 
products that the industry is buying. I think 99.9% of the 
UNIX technology is in good shape. It’s only a certain set of 
interfaces to (what I have believed were) complex functions 
that need to be simplified (or at least ‘made comfortable’). 

But what of my shattered image of our USENIX conferences 
that bring together bleeding-edge technologists for both 
general and specific gatherings? That’s a tough question. 

I fear that we now live in a world where software percep¬ 
tions are being manipulated in very large part by a small 
number (one?) of software companies that make big prom¬ 
ises and then redefine terms when the time comes to present 
their work. 

Nevertheless, it is these perceptions that are shaping thou¬ 
sands of technical decisions throughout the 500-1000 
companies that spend the most money in the US (and 
presumably similar companies throughout the world). 

I don’t think that USENIX serves them well enough. I hope 
that our membership, program chairs, and board of directors 
will consider ways to approach and serve this huge set of 
people. 

RK 


4 ;login : vol . 20 . no . 5 



USENIX NEWS 


1996 USENIX 
Nominating Committee 

by Evi Nemeth , Nominating Committee Chair 

The biennial elections of the Association’s Board of Directors will be held in the 
Spring of 1996. The current Board has asked me to chair a committee to nomi¬ 
nate candidates for the Board. The Nominating Committee is: 

Mary Baker, Stanford University 
Trent Hein, XOR Network Engineering 
Evi Nemeth, University of Colorado, Chair 
Dennis Ritchie, AT&T Bell Laboratories 
Brent Welch, Sun Microsystems 

Board members are elected for two years and will take office in June, 1996. 
There are eight board positions: 

President 
Vice President 
Treasurer 
Secretary 

Board Member at Large (four positions) 

All positions are typically filled from a combination of continuing Board mem¬ 
bers as well as new folks. 

We are soliciting suggestions for nominations. The Association needs people 
who are enthusiastic, energetic, responsible, and who are willing and able to 
donate considerable amounts of time. Candidates should have some political 
skills as well as a technical interest in USENIX. Vision, insight, and the ability to 
work and play well with others are also on the wish-list. Having a sense of 
humor is always an attractive bonus. 

Please send suggestions for nominees by mid-October to: nominate@usenix.org . 
We also invite feedback and comments (which will be kept strictly confidential) 
on the current board members. 

If you think you might be interested in running for the Board, but aren’t sure 
quite what it entails, mail me ( evi@cs.colorado.edu ) and I will send you a crib 
sheet for potential candidates that includes a bit of the job description. 

Thank you; your input and suggestions are important. 


USENIX Member Benefits 

As a member of the USENIX Association, 

you receive the following benefits: 

• Free subscription to ;login.\ technical fea¬ 
tures, system administration tips and tech¬ 
niques, international calendar of events, 
SAGE News, media reviews, Snitch 
Reports from the USENIX representative 
and others on various ANSI, IEEE, and 
ISO standards efforts, and much more 

* Free subscription to Computing Systems , 
the refereed technical quarterly published 
with The MIT Press 

- Access to papers from USENIX Confer¬ 
ence and Symposia, starting in 1994, via 
the USENIX Online Library on the World 
Wide Web <http:llwww.usenix.org> 

* Discounts on registration fees for the 
annual, multi-topic technical conference, 
the System Administration conference 
(LISA), and the various single-topic sym¬ 
posia addressing topics such as object- 
oriented technologies, security, operating 
systems, electronic commerce, and mobile 
computing - as many as seven technical 
meetings every year 

* Discounts on the purchase of proceedings 
from USENIX conferences and symposia 
and other technical publications. 

* Discounts on BSDI, Inc. products. 

BSDI information: 800 800 4BSD 

* Discounts on the five volume set of 4.4 
BSD manuals plus CD published by 
O’Reilly & Associates and USENIX 

• Savings (10-20%) on selected publica¬ 
tions from McGraw-Hill, The MIT Press, 
Prentice Hall, John Wiley & Sons, and 
O’Reilly and Associates 

• Special subscription rates to the periodi¬ 
cals The LINUX Journal (Phone: 206 527 
3385) and UniForum Monthly, UniNews , 
and the annual UniForum Open Systems 
Products Directory 

• Right to vote on matters affecting the 
Association, its bylaws, election of its 
directors and officers 

• Right to join SAGE, the System Adminis¬ 
trators Guild 


To become a member or receive information 
regarding your membership status or benefits, 
please contact <offtce@usenix.org>. 

Phone: 510 528 8649. 


October 1995 ;login\ 5 


USENIX NEWS 


President’s Letter 

by Steve Johnson 
<scj@usenix.org> 

Blush... 

A few weeks ago I flew into the new Denver airport. I can¬ 
not help but be amazed by the vast open spaces around the 
airport, the vast cost overruns before it was completed, and 
the major delays caused by the need to tear out the new, 
computerized baggage system and replace it with one that 
did not fold, bend, and mutilate the baggage. 

I have no inside knowledge on how the original system was 
picked, how it was implemented, what went wrong, and 
why it could not be fixed. What interests me is the attitude 
that I found in many of the computer professionals that I 
have talked with, which I can summarize as “amused indif¬ 
ference.” As one colleague put it, “everyone knows that a 
system like that would be very hard to build and would take 
years to get working correctly. They were crazy to try.” 

Let’s move on to a much more mundane example. A friend 
of mine inspects day care centers for the State of Califor¬ 
nia. When she finds, for example, dog turds in the play area 
or loaded guns in unlocked cabinets (these are not made up 
examples!), she cites the operators of the day care centers, 
in writing, and quotes the applicable paragraphs from the 
thick book of regulations she hauls around with her all day. 
She typically must go back to the office to prepare the cita¬ 
tion, and then drive out again to deliver it. Recently, the 
state contracted with a company to put the rules and regula¬ 
tions on line, on notebook computers. This would eliminate 
a trip; the citation could be generated on the spot. In expec¬ 
tation of this improved productivity, the department size 
was cut. 

You can probably guess what happened. The system was 
delayed and delayed and delayed and finally cancelled. It 
was rumored that at least the contract was written so that 
the contracting company got little or no money (and conse¬ 
quently went out of business). I doubt that many of us 
would have said they were crazy to try to build such a sys¬ 
tem (in fact, the current system of paper shuffling seems 
crazier). But the end result was the same. 

As my friend recounted this tale of woe, I found myself 
blushing. Unlike the Denver airport case, where I too was 
amused and rather indifferent, I could have easily seen 
myself bidding to produce such a system (or, worse yet, 
contracting to buy such a system). I felt ashamed of our 
profession, ashamed that something so clearly at the state- 
of-the-art level could be so screwed up. 


When a surgeon recently amputated the wrong leg of a 
patient, I’m sure that virtually every surgeon in the country 
heard about it. I suspect that most surgeons were also 
ashamed that a single example of such a mistake could be 
made by a member of their profession. All civil engineers 
shuddered at the blot on their profession when a bridge 
under construction buckled. Engineers know that their jobs, 
like the surgeons’, will be harder for a while as they reassure 
their clients that this could not possibly happen to their 
bridge (or leg, respectively). I don’t see the same attitude 
among most software builders. 

We are naive if we believe that computer software engineer¬ 
ing is going to remain immune from high expectations for 
too much longer. Too many of our customers are now com¬ 
puter literate, and understand what computers can do. If we 
contract to deliver something and don’t do it, we will not be 
able to plead that experimental hardware or arcane mystical 
forces ate our work. It will become increasingly obvious to 
our customers that if we fail to deliver, we are either incom¬ 
petent or dishonest. Software vendors could easily become 
as beloved as used car dealers. 

As software developers, we realize that there are not really 
any perfect software quality techniques. Some that work 
well are extremely expensive. Some that are loudly hyped 
don’t work well at all, or are very limited. Both the civil 
engineers and the medical professionals killed a lot of people 
before they learned the techniques they use today—in fact, 
in bridge building it took a number of spectacular collapses 
to convince the general public that safety margins should be 
large, and the extra expense so entailed was far better than 
the alternative. With faster and faster machines, larger and 
larger memories, we have the potential to spend more of our 
resources ensuring higher quality software. I don’t think our 
customers will allow us any alternative. 

Report on the USENIX 
Conference on Object- 
Oriented Technologies 

Monterey, California, June 26-29,1995 

by Nayeem Islam 
<nayeem@watson.ibm.com> 

There were fifteen technical talks and a keynote address 
given by Michael Powell, of SunSoft Inc. Powell presented a 
retrospective on object technology and, in particular, his 
experiences with the Spring operating system. The Spring 
OS has implemented much of the CORBA object model. 


6 ;login : vol . 20 . no . 5 



USENIX NEWS 


The technical talks covered a variety of topics. Distributed 
objects were a major focus of the conference. In the follow¬ 
ing paragraphs, I briefly summarize the papers presented. 

Simple Activation for Distributed Objects 

The authors, Ann Wolrath, Geoff Wyant, and Jim Waldo of 
Sun, presented a mechanism for object activation and de¬ 
activation in a client server environment. The key feature of 
the mechanism is that it incorporates several known activa¬ 
tion models. The architecture is layered, with a simple 
activation mechanism upon which more specialized mecha¬ 
nisms can be built. The server side, in particular, has been 
kept simple. The activation protocol is much simpler than 
the protocol in the CORBA specification. A prototype was 
implemented on Modula-3 network object system and was 
found to perform adequately. 

Dynamic Insertion of Object Services 

There is a mechanism for dynamically adding properties to 
an existing class. The prototype has been implemented on 
IBM’s SOM system which implements the CORBA IDL. The 
implementation uses dynamic subclassing and the before 
and after in mechanisms in SOM to implement the dynamic 
insertion of services. Performance has always been a key 
issue in such systems and clearly the system described per¬ 
forms well. 

Object-Oriented Programming for High-Speed 
Network Programming 

This paper described C++ wrappers for common low-level 
communications interfaces that exist on NT and UNIX. Tra¬ 
ditionally, the challenge has been to provide a useful and 
well-designed set of wrapper functions that perform well. 
The authors described a new object-oriented toolkit called 
ACE that performs admirably well. The ACE system is com¬ 
pared with C and CORBA versions on both an ATM and an 
Ethernet. The authors (Douglas Schmidt, Tim Harrison and 
Ehab Al-Shaer) have done a good job in evaluating the per¬ 
formance overheads of the three implementations. 

Program Explorer: A Program Visualizer for 
C++ 

The authors, Danny B. Lange and Yuichi Nakamura, IBM, 
described a new and unique tool that is used for visualizing 
the dynamic behavior of C++ programs. Two important 
things that are emphasized in the system are a sense of rele¬ 
vance (in which classes and methods are actually relevant at 
runtime) and the sequence of operations that is used. The 
authors discuss how the coupling of static and dynamic 
properties of the system is obtained using Program Explorer 
and how such information is useful. The source code is 
instrumented to generate runtime information about the sys¬ 
tem. 


Debugging Storage Management Problems in 
Garbage-Collected Environments 

David Detlefs and Bill Kalson of DEC, described a tool to 
find and fix storage management problems in long-lived 
garbage collected programs. There are few good tools out 
there, and this work provides a set of very useful tools that 
can be used in the context of Module-3 programs. Garbage 
collection is studied in an environment that has excessive 
allocation, unbounded data structures, references hidden by 
abstraction and references hidden by the system. Such sce¬ 
narios are quite common in object-based systems. The use 
of visual tools for studying this problem is presented. It is 
quite clear that this tool would be useful in other languages 
such as C++ and Smalltalk . 

Phantom: An Interpreted Language for 
Distributed Programming 

Phantom represents one of the new languages designed for 
the Internet. Phantom is a language that allows the transpar¬ 
ent distribution of code and program data. Author Anthony 
Courtney stated that there are several other languages in this 
category, including Obliq and Java. Phantom is unique in its 
use of a strong type system and its use of a class-based 
object model. Phantom was strongly influenced by the syn¬ 
tax and semantics of Modula-3. It uses the same distributed 
lexical scoping rules as Obliq. It uses UNIX file protection 
schemes for access control. As with all new Internet lan¬ 
guages, security is a big issue. Security is addressed at sev¬ 
eral levels: The underlying language does not allow 
pointers and all transmitted code is checked to make sure all 
free identifiers have bindings. Phantom provides facilities 
for user authentication access control, and unforgeable glo¬ 
bal location addresses. 

A Framework for Higher-Order Functions in 
C++ 

The author, Konstantin Laufer of Loyola University, 
described a general mechanism for building function clo¬ 
sures in C++. The expressiveness of the language is com¬ 
pared to functional languages. The main contribution of the 
work is a type-safe framework for building functions clo¬ 
sures. The author compared the solution of the same-fringe 
problem using his framework and ML to illustrate the 
strengths and weaknesses of his approach. The author 
pointed out that his C++ framework is not as expressive as 
ML, since C++ does not support anonymous function clo¬ 
sures. Another limitation is that programmers using the 
author’s approach must maintain an explicit relationship 
between variables used in the body of the closures and 
instance variables of the higher order framework. The per¬ 
formance issues, however, are only briefly studied and no 
experimental results are given on the implementation. 


OCTOBER 1995 ;lOgifl\ 7 



USENIX NEWS 


Lingua Franca: An IDL for Structural Subtyping 
Distributed Object Systems 

Lingua France is an IDL that has conformance testing. 
Unlike other popular approaches that use name equivalence, 
Lingua Franca uses type conformance to match client and 
server interfaces. As opposed to several object-based sys¬ 
tems such as Emerald and Clouds, the type conformance is 
part of the IDL, not the implementation language. One inter¬ 
esting feature of Lingua Franca is the use of augmentation 
of objects with semantic attributes. Authors Patrick Muckel- 
bauer and Vince Russo of Purdue University provided 
detailed performance measurements of the system and show 
the structural conformance can be efficiently implemented. 

Adding Group Communication and Fault- 
tolerance to CORBA 

Silvano Maffeis described a technique for integrating group 
communication into the CORBA object model. This group 
communication can be used to build fault-tolerant applica¬ 
tions. A toolkit called ELECTRA was described that imple¬ 
ments the model. This work is different from the ISIS and 
Horns toolkits in its use of the easier to use CORBA inter¬ 
face. The interfaces for group communication were 
described in detail. The performance of the system was not 
discussed. 

Using Meta-Objects to Support Optimization 
in the Apertos Operating Systems 

Jun-ichiro Ito described his experience of using reflection 
and meta-object protocols to adapt system performance. In 
this model, each object has another object that interprets its 
execution. The meta-objects can use the context in which an 
object is used to optimize its implementation. This tech¬ 
nique is used to optimize method invocation and message 
delivery. Several other topics such as dynamic object reloca¬ 
tion and runtime code generation were also discussed, but 
experimental performance for such techniques was not. 

The Spring Object Model 

This was the first paper in which the object model of the 
Spring operating system is explained. The Spring Object 
Model is important because it has had a profound impact on 
the CORBA standard. Author Sanjay Radia described the 
model as having a strong typing system with a clean distinc¬ 
tion between interfaces and implementations. Interfaces to 
objects are specified using IDL’s, whereas objects may be 
implemented in any language. Multiple interface inheritance 
is described as a tool for designing new interfaces easily. 
Objects are instances of interfaces and the user of an inter¬ 
face does not know where the object is implemented. An 
object may be passed around freely. 


Integration of Concurrency Control in a 
Language with Subtyping and Subclassing 

Carlos Baquera, Rui Olivera, and Francisco Maura of Portu¬ 
gal described a technique for solving the notorious inherit¬ 
ance anomaly problem. By introducing language extensions 
for concurrency control, they showed how a language that 
separates the notion of types from classes can be used to 
tackle the inheritance anomaly. The constructs support acti¬ 
vation constraints, wrapper functions and mix-in based 
inheritance. The activation constraints are provided as part 
of the types-to-control when methods are invoked on the 
types. 

Generic Containers for a Distributed Object 
Store 

Carsten Weich discussed the implementation of generic con¬ 
tainers for building distributed applications. The generic 
container class implements associative containers and table 
containers. The generic container class can be subclassed 
and composed to provide different types of distributed con¬ 
tainers. The examples described include a B-tree and a dis¬ 
tributed object store. The system is implemented in Module- 
3 using the Network objects system from DEC SRC. It is 
not clear how the system performs. 

Media-Independent Interfaces in a Media- 
Dependent World 

Ken Arnold, Kee Hinkley, and Eric Sheinbrood described 
Wildfire, a communications assistant that is used for speech 
recognition. The key feature of this subsystem is to separate 
the communications part of system from the prompt/ 
response part of the system called MMUI. The important part 
of this design is that the MMUI should be extensible with 
new interactions. For example, when two-way pagers 
become more common, there should be a mechanism for 
incorporating them into the system. 

Wrapup 

The first conference on object-oriented technologies was a 
great success, with 175 participants. With the interest in 
object technology on the rise, we expect next year’s confer¬ 
ence to be even better and more popular. The conference 
will be held from June 17-21,1996 in Toronto. 


8 ;login : vol 20 * no. 5 



USENIX NEWS 


Status Update on PGP and 
Legal Actions 

by Greg Rose 

<ggr@sydney.sterling.com> 

This is another installment in my promised series of status 
updates with reference to legal and legislative action regard¬ 
ing cryptography in general, and the prosecution of Phil Zim- 
mermann over the export of PGP in particular. 

First on the PGP front, nothing much is happening; the indict¬ 
ment proceedings have not stopped, but don’t seem to be mov¬ 
ing very quickly either. There is now less than a year until the 
statute of limitations kicks in next June, and Phil Zimmer- 
mann will be off the hook if nothing is done before then. 
Unless, of course, some new charges are made. 

At the time of this writing (mid-August), PGPFone, which 
uses the PGP infrastructure and cheap PC hardware to encrypt 
voice calls over modems, is about to be released. Netbook- 
makers give a 10/1 that it will be out of the country by mid¬ 
night. This could be a very bad thing for Phil Zimmermann, or 
perhaps a very good thing. It is impossible to tell. On the one 
hand, the prosecutors will have another item of software and 
an act of export they can point to, even though they will be 
totally unable to say that Phil himself had anything to do with 
it. On the other hand, PGPFone demonstrates the total futility 
of the current laws. 

On a more general note, the case brought against the State 
Department by Dan Bernstein and the Electronic Frontier 
Foundation may be heating up. In short, the State Department 
lost some documents and failed to meet a deadline for an 
appeal, giving Mr. Bernstein and the EFF some good ammuni¬ 
tion. More details are available in the EFF’s web pages, 
http:llwww.eff. orglpubl Privacy!ITAR_exportlBernstein_casel. 

Finally, a trip to Australia hasn’t made me immune to cryptog¬ 
raphy issues. At a recent cryptography conference there, men¬ 
tion was made of plans for Australia to ban the use of strong 
cryptography except under specific license (for banks and so 
on). At the moment, it looks like this was just rambling, but 
you never can tell. 

Call for Nominations for 
Two Awards 

The USENIX Lifetime Achievement 
Award 


both intellectual achievement and service which are not rec¬ 
ognized in any other forum. The award itself is in the form 
of an original glass sculpture called “the Flame,” and in the 
case of a team based at a single place, a plaque for the team 
office. The award is presented at the Annual USENIX Techni¬ 
cal Conference, which will be held in San Diego on January 
22-26,1996. 

Past recipients of the USENIX Lifetime Achievement Award 
are the Computer Science Research Group at the University 
of California at Berkeley (and a cast of thousands) for the 
BSD line, Van Jacobson and Mike Lesk for their contribu¬ 
tions to networking technology, and Tom Truscott, Steve 
Bellovin and Jim Ellis for their work in creating USENET. 

The Software Tools User Group Award 

The Software Tools Award recognizes significant contribu¬ 
tions to the general community which reflect the spirit and 
character of those who came together to form the Software 
Tools User Group (STUG). The award is a plaque and a small 
cash stipend. 

STUG and the Software Tools effort was characterized by 
two important tenets. The first was an extraordinary focus on 
building portable, reusable libraries of code shared between 
multiple applications on wildly disparate systems. The other 
tenet, shared with the UNIX community, is “renegade 
empowerment.” The Software Tools gave the users the 
power to improve their environment when their platform 
provider proved inadequate, even when local management 
sided with the platform provider. 

Therefore, nominees for the Software Tools Award should 
exhibit one or both of these traits in a conspicuous manner 
a contribution to the reusable code-base available to all, or 
provide a significant enabling technology directly to users in 
a widely-available form. 

How to Nominate: 

If you believe someone qualifies for either of these awards, 
we (the nominating committee) welcome your input. Please 
send us your nomination by November 1 and include your 
name, details of the achievement, and your individual rea¬ 
sons for making the nomination. Electronic mail to 
awards@usenix.org will be fine, or fax to +1 510 548 5738, 
or by mail to: 

Awards Nomination 
USENIX Association 
2560 Ninth Street, Suite 215 
Berkeley CA 94710 U.S.A. 


The USENIX Lifetime Achievement Award is to recognize and 
celebrate singular contributions to the UNIX community in 


OCTOBER 1995 9 



SAGE, the System Administrators Guild, 
is dedicated to the advancement and recogni¬ 
tion of system administration as a profes¬ 
sion. In three years, SAGE’s membership 
has increased steadily, and there is growing 
recognition of SAGE as a representative in 
system administration issues. SAGE brings 
together system and network administrators 
for: 

• professional and technical development, 

• sharing of problems and solutions, 

• communicating with users, manage¬ 
ment, and vendors on system adminis¬ 
tration topics. 

SAGE News Editor 

• Tina Darmohray 
<Imd@usenix.org> 

SAGE Board of Directors 

• Elizabeth D. Zwicky, President 
<zwicky@usenix.org> 



• Pat Wilson, Treasurer 
<paw@usemx. org> 

• Kim Trudei 
<kim@usenix.org> 

• Paul Evans 
<ple@usenix.org> 

• Bryan McDonald 
<btgma c @u sc n ix .org> 

• Paul Mori arty 
<pmm@uscnix< org> 

SAGE Working Groups 


Group 

sage~certify 

sage-edu 

sage-ethics 

sage-jobs 

sage-locals 

sage-online 

sage-policies 


Chair 
Paul Evans 
Ron Hall 
Hal Miller 
Tina Darmohray 
Rene Gobeyn 
Mark Verber 
Lee Damon 


YOU CAN CONTACT THESE GROUPS VIA 
EMAIL AT 

<their-name@usenix.org> for example, 
<sage-certify@usenix.org>. 




THE SYSTEM ADMINISTRATORS GUILD 

NEWS 


From the SAGE Editor 

by Tina M. Darmohray 
< tmd@usenix. org> 

In this issue you’ll find the Call For Papers for LISA X, set for September 30- 
October 4,1996, in Chicago. It’s interesting that, as I write this column, it’s 
about a year to the week that Paul Evans and I were writing the Call for LISA 9. 
For those of you who might be interested in the process of putting together a 
conference, the following might be of interest. 

The USENIX staff select and book the conference space 3-5 years in advance, 
with direction on venues provided by the USENIX and SAGE Boards of Direc¬ 
tors. The selection for the program chair(s) for the conference starts about 1.5 
years before the conference date, with a call for proposals to chair the confer¬ 
ence. (Email archives indicate that Paul and I began thinking about chairing a 
conference in 1992!) 

Once the call for papers is published, all of the members of the program com¬ 
mittee start “beating the bushes” to recruit papers. No doubt some of you have 
experienced this process: Someone you know sends you email or gives you a 
call. It starts out with pleasantries, a little catching up, and then the punch line, 
“I know that you’ve been working on interesting-project-X at your site. I really 
think that the system administration community would benefit from hearing 
about your progress on that. After all, it’s a problem that we all have to solve 
pretty soon. Wouldn’t you consider submitting an abstract for LISA?” (And, 
depending who your “friend” is, they may even make it a dare!) With any luck 
some of the “friendly encouragement” pays off in some good submissions for us 
all to enjoy as papers at LISA. 


SAGE Discussion Groups 

sage-security 

sage-managers 

sage-outreach 

sage-pt 

sage-solo 

SAGE Bofs 

Sage Board 
s age-bof-women 

SAGE Online Services 

Email server 
majordomo@usenix.org 

FTP Server: 
ftp.sage, usenix.org 

WWW URL: 

http:fiwww.sage.usenix.org 

SAGE Supporting Member 

Enterprise Systems Management Corp. 
Great Circle Associates 


In May of this year, the 1995 LISA program committee met at the USENIX 
offices in Berkeley. What we had accomplished during the previous two weeks 
was to read and vote on the 55 paper submissions that we had received. Based 
on the votes from the committee, we began the process of selecting the papers 
for the conference. Topically there are several overwhelming paper favorites, 
things that are just so nifty-keen that everyone read it and said, “WOW!” Many 
more are really great papers and the problem can arise that there are not enough 
slots for all of them. In that case, the program committee starts to look at things 
like variations on topic (no one wants to read about several different flavors of 
an idea, even if it’s a great one), solutions that are freely available and easily 
used by lots of sites, or papers that naturally group together to make interesting 
tracks. In short, some of it’s science, and some of it’s art. 

With the paper track set, the rest of the conference offerings come together to 
round out the show. Tutorials are put together by the USENIX staff and 
reviewed/evaluated by a tutorial review committee. The Invited Talks are coor¬ 
dinated by two volunteers who augment the refereed paper selections. This year, 
a special pre-conference workshop for more advanced system administrators to 
think about what’s on the horizon is planned. And, last but not least, USENIX 
promotes and organizes a vendor display for 2 days of that week. 


10 ;login: vol.2o. no s 


SAGE NEWS 


About 2 months after the authors are advised that their 
papers have been accepted, Rob Kolstad begins formatting 
the papers for the proceedings. Trust me, hardly any of the 
authors are regretting their submission at this point! 

Whew! That’s a lot of stuff (and that’s just the bit that I 
know about) for a week-long get together with your peers to 
share questions, answers, ideas, concerns, and also hear 
about the latest new research and opinions that are avail¬ 
able. But, for those of you who have attended a LISA, you 
know this already. 

So, do look at the Call for LISA X, on pages 57-58 in this 
issue, and mark your calendars to attend next year’s confer¬ 
ence in the Windy City. But, don’t forget when you’re going 
through that call for papers that there are other dates in it as 
well, particularly that date for submitting papers! With that 
in mind, consider the timeframe for a successful paper sub¬ 
mission: there’s time to actually do the work, and then the 
time to write it up and submit it against a conference dead¬ 
line. In fact, there’s a lot of lead time on that end of things 
as well! 

So, here’s something to think about: check and see if you’re 
on track with any work that you are doing to write it up and 
submit it. If not, consider submitting a paper on what you 
are implementing this year for LISA XI. 

If it’s time for you to be part of the wildly successful LISA 
journey, co-chairs Helen Harrison and Amy Kreiling invite 
you to contact them at UsalO@usenix.org . Welcome 
aboard! 

Top 10 Tools for Lonely 
Sys Admins 

by Ken Mayer 
<kmayer@mrj.com> 

Here’s my list of tools that I couldn’t do without, in no par¬ 
ticular order: 

• Logbook 

Steve Simmons once said, “I’m not brilliant, I’ve just got 
a good memory.” [;login: J/F’93] Ditto. 

• Bernoulli Drive (or some other brand of removable 
media disk drive) 

Because when you absolutely, positively need to boot 
from a gold copy configuration of version x.y.z of 
SomeOS, it beats the heck out of hauling around a 
Seagate drive assembly. Spaf [Eugene SpaffordofPurdue 
University - Ed.] also claims that (to date), no hacker, via 


the Internet, has been able to modify or otherwise soil a 
disk that is locked inside a safe with the write-protect tab 
set. 

* Portable CD-ROM drive 

Ever notice how all the CD-ROM drives are in use just 
when you need to use one on an out-of-the-way system 
that so happens to be missing one of its own? Also dou¬ 
bles as a handy entertainment system on those long 
lonely nights in the machine room while you’re rebuild¬ 
ing a 2Gig hard drive from 2 weeks worth of backup 
tapes. 

* The O’Reilly Sys Admin Bookshelf (et al.) 

I remember making this a condition of employment (the 
other was annual attendance at LISA :-). Fast, portable, 
compatible - a good reference library is indispensable. 
And O’Reilly publishes some of the best. 

* Perl 

The Swiss Army Chain Saw of UNIX tools. 

* A box of terminators, cables, adaptors for SCSI, Ethernet, 
RS-232/432, etc. 

Remember last night (and it’s always at night, isn’t it?) 
when you needed to hook up a Macintosh running SLIP to 
the back of a router so you could bring up a back-up DNS 
server (don’t ask, you don’t want to know)? That gender 
mender came in handy. Standards are wonderful; there 
are so many to choose from. 

* Problem/Request management/tracking software 

Chapter 1 of every time management book I’ve ever read 
says that you need a single place to write down your 
tasks. Little post-it notes and slips of paper hanging out of 
every nook and cranny won’t cut it. This is probably 
where the term “it must have dropped on the floor some¬ 
where” was coined. Tracking software starts automating 
some of your logging tasks. It also gives your users a 
consistent priority (some might say triage) scheme for 
requesting work. And a 15 page report of line items is a 
good thing to show to your boss at salary review time. 

* Pager 

I know this one is going to create a lot of controversy. 

A pager can be a tool, or it can be an electronic leash. The 
only people that know my pager number are my boss, his 
secretary, and some of the other division secretaries who 
make more than a few calls to me. I swear them all to 
secrecy (that’s why they’re called secrets. ries). If some¬ 
one needs to get in touch with me, the secretaries can do 
a little prescreening for me. 


OCTOBER 1995 login l 11 



SAGE NEWS 


I also got our telephone guy to create a voice-mail box 
that doesn’t ring on any phone. I then programmed the 
box to call the pager (a nice built-in feature of our sys¬ 
tem). People call the v-mail box; I get a page a few min¬ 
utes later. Then I can screen the message. The whole 
system disconnects the person (me) from the service 
(Help Desk) in time and space. If I’m away, someone 
else carries the pager (kind of an on-call), and users don’t 
have to worry about calling a different number. (And I 
don’t have to worry about retraining users.) 

• Telephone headset for hands-free talking (or talking with 
your hands;-) 

Since I got my headset, I don't mind staying on hold as 
much. Technical support calls don’t wear me out either. 

* A hobby (a.k.a. a life outside of work) 

This one is probably more important than the rest, but I 
saved the best for last. The best sys admins I know, the 
best engineers I know, heck, the most successful people I 
know, are the ones whose life is not defined by their 
work. Without waxing philosophical or spreading too 
much psycho-babble, you need an anchor - something 
that keeps you in touch with the ground, reality. Other¬ 
wise everything gets warped out of perspective. And in 
our profession, sys admins as a class tend to be the 
obsessive Fm-not-going-to-quit-until-Tve-licked-this- 
problem type. I’m not claiming that a hobby will make 
you into the net.god, but I strongly believe that it is an 
enabling characteristic. 


The Seminar 

by John Sellens 
<jmsellens@uwaterloo. ca > 

Your vendor probably never mentioned that a little user 
education and enlightenment can make the job of a system 
administrator much simpler and more rewarding. In my 
department, one of the ways in which we communicate with 
our users and co-workers is by presenting seminars on a 
(somewhat) regular basis. 

We call what we do the “Simple Seminar Series,” and try to 
make our seminars as simple and accessible as possible. 
Simple doesn’t necessarily mean trivial or elementary - it 
means low stress, casual, and accessible to most if not all of 
the audience. Our seminars are held early Friday afternoon, 
every 2 or 3 weeks, and cover a variety of topics, presented 
by different people. We have had seminars on such topics as 
an introduction to UNIX, a proposed new software tool, and 
new hardware and system plans. We also encourage our 
users to get involved and present seminars of their own - 


the benefits are just about the same, no matter who’s actu¬ 
ally giving the seminar. 

What are the benefits of presenting seminars 
like this? 

• You can tailor your seminar schedule and topics to meet 
your local needs, and answer your customers’ and co- 
workers’ most pressing questions. 

• You can help your audience improve their skills and job 
knowledge, and you may even make your job easier in 
the process. 

• Your seminar materials can be used to make your own 
personal FAQs, so you can point your users at existing, 
locally relevant documentation instead of having to 
explain the same things over and over. 

• You (and your co-presenters) get public speaking prac¬ 
tice - improve your skills, your self-confidence, and get 
something new to put on your resume. 

• System administrators have sometimes been known for 
keeping to themselves and being somewhat isolated from 
the community they work for and with (who, me?). 
Informal seminars provide great opportunities for inter¬ 
action and camaraderie and help reinforce the idea that 
you’re all working towards the same goals. 

• And, of course, seminars can be an opportunity for you 
to get the personal satisfaction of helping your custom¬ 
ers, co-workers, and your organization. 

What makes a simple seminar successful? 

• Keep the topics as simple as possible while retaining 
some actual useful content. 

• Don’t make it so trivial that everyone is bored to tears, 
and don’t make it so complicated that you confuse your 
audience. 

• Don’t try to cover absolutely every aspect of a topic - 
think of the seminar as a survey of the topic, and include 
references to other, more complete, sources of informa¬ 
tion. 

• Keep them short - we try for 45 minutes to an hour. Any 
longer, and people get restless, bored, or called away to 
other activities. The seminars are supposed to be more 
fun than they are work. 

• Bring bait for your intended audience - we often have 
small doughnuts or some other snacks, so that no matter 
what the topic, everyone will get something out of the 


12 ;login : vol. 20 . no. 5 


SAGE NEWS 


seminar. And they may be more likely to come back to 
the next one. 

• Make slides, web pages, or small summaries of your 
seminar available, both before and after your presenta¬ 
tion. This lets people print a copy to make notes on (if 
they wish), and gives you something to refer people to 
after the fact. 

• Encourage everyone to present something that they’re 
working on. This means that it will be less one-sided, 
and more of a group effort. Think of this as an exercise in 
team building. 

• Don’t set standards for presentations that will be hard to 
follow. A full color, stereo, multimedia presentation will 
look great, but it could be intimidating to other potential 
presenters. It’s the interaction and learning that’s impor¬ 
tant, not how much technology you use in your presenta¬ 
tion. 

• And, of course, try to get the proverbial “management 
buy-in” - if the managers and supervisors in your group 
are in favor of the idea, you may get better attendance. 

We’ve had pretty good success with our seminars - you 

might find that this is an idea that will work for you too. 

And it can actually be fun. 


Monitoring Users’ 

Idle Time 

by Kent Arnott 
<karnott@tamucc. edu > 

Our DECstation 5000/240 has more than two thousand user 
accounts and averages 37-48 users per hour during a normal 
day. Before idletime. pi was implemented, we had up to 
fifteen users who would log in, read their email, and leave 
their session idle. In addition, we have a very limited num¬ 
ber of dial-in lines available on our system and the same 
type of problem would happen with people dialing into our 
comm-server. These idle sessions built up and many times 
users would be idle for 6+ hours, tying up resources and 
leaving their accounts waiting for a watchful, mischievous 
passer-by. 

idletime. pi is a Peri script using the UNIX commands w, 
ps, and grep. It is run via cron every five minutes to pick 
out users who have been idle for a designated amount of 
time. The amount of time can be configured within the 
script. It then takes these users and determines what they are 
doing. This is necessary because some programs can actu¬ 
ally be running but the w command shows them as being 
idle, i.e., sz and rz. The commands that are allowed to 


appear idle are easily set up in the array allow. If a user is 
idle and is not running an allowable idle command, the use¬ 
rid is pushed into the “allowed” array. The contents of the 
allusers array is used in conjunction with the ps-aux 
and grep commands to kill each of these processes, thus 
logging them off. 

I am fairly new to UNIX, Peri and system administration. I 
was first exposed to UNIX my junior year at Texas A&M 
University at Corpus Christi in 1992. A year later, I installed 
Linux on my home PC and began learning UNIX from a sys¬ 
tems administrator’s viewpoint. After graduating from 
Texas A&M with a BA in Computer Information Systems, I 
accepted a position with the University as a Laboratory 
Supervisor. Little did I know that in 1995,1 would become 
System Administrator at this University. In the past five 
months, I have learned more about networking and comput¬ 
ers than I ever imagined and have enjoyed every bit of it. I 
use Perl for just about everything I can. Currently I am 
working on an automated account generation and tracking 
program written entirely in Perl. The code can be down¬ 
loaded via ftp at ftp.tamucc.edu in putlunixlmisc named 
ideltime.tar.gz . 

You can catch me on IRC's #root or take a silly trip through 
my home page http:llwww.tamucc.edul~karnott or send me 
email at karnott@tamucc.edu . 

Results of the 1995 SANS 
Survey 

by Eric Anderson 
< eanders@cs. berkeley. edu> 

Introduction 

At the 1995 UNIX System Administration, Networking & 
Security (SANS) conference, I conducted a survey to deter¬ 
mine current site statistics, largest problems, and services 
provided. The 161 respondents were a self-selected subset 
of the attendees of the technical part of the conference. This 
report summarizes the results of the survey and draws some 
general conclusions. 

The short summary is: 

• Sites are continuing to get larger. The median site has 
about 350 machines up from the 1992 LISA median of 
180 machines. Similarly, the median number of adminis¬ 
trators has increased from 3 to 4. 

• Even though the survey was at a UNIX conference, PCs 
are a large fraction of the total number of machines. 


October 1995 ;login\ 13 



SAGE NEWS 


• The number of administrators correlates more strongly 
with the number of machines than the number of users. 

• The number of operating systems is a relevant factor in 
correlations between machines and administrators. The 
level of service as defined in this survey has no consis¬ 
tent effect on correlations. 

• The biggest problem that system administrators face is a 
lack of time and resources. The next two largest prob¬ 
lems are configuration management and dealing with 
users. 

• The most commonly provided service was troubleshoot¬ 
ing. The next two were installation and network services. 

• A surprising fraction (one fifth) of the respondents said 
they provided all services, or did everything. 

Summary of the Quantitative Section 

The quantitative questions attempted to get an understand¬ 
ing of current site demographics. Beyond the standard met¬ 
rics of users, administrators and types of machines, I asked 
about the level of service administrators provided and the 
number of major OS releases at the site. The question about 
level of service provided was deliberately kept vague 
because trial versions of the survey indicated that more spe¬ 
cific questions were either too hard or too narrow to answer 
accurately. 

The section on personnel contained the 
following questions: 

a. Number of administrators? 

b. Full time equivalent (FTE) administrators? A FTE per¬ 
son works 40 hours/week. 

c. Number of users? 

d. FTE users? 

e. Level of service provided [1-10]? The level of service 
was very vaguely defined. 1 was no service, and 10 was 
perfect service. 

The section on machines had the following 
questions: 

a. Number of PCs? 

b. Number of Macintoshes? 

c. Number of workstations? 

d. Number of terminals? 

e. Number of servers? 

f. Number of mainframes/super-computers? 

g. Number of major OS releases? (Solaris 2.3 = Solaris 2.4; 
Dos 5.0 * Windows 3.1; IRIX 4.0.5 * IRIX 5.2) 


Cleanup of the data 

I received 161 completed surveys. I made the following 
interpretations of people’s answers: 

• If either the number of administrators or FTE administra¬ 
tors was left blank, I assumed they were the same, simi¬ 
larly for users. 

• If people left one of the number of machines questions 
blank, I assumed they had none of those machines. 

• If people filled in a range (x-y), I used the average of the 
two values. 

• If people filled in a minimum (x+ or >jc), I just used the 
minimum. 

Some people seemed to enter an incorrect number for num¬ 
ber of major OS releases. For example, some people listed 
many different UNIX vendors under the “number of servers” 
question, but didn’t have enough OS’s to cover all of those 
machines. I corrected these answers and a few other mis¬ 
takes as best I could. All of the corrections have been docu¬ 
mented in the data file 1 . 

I discovered that for the data I collected, mathematical 
means are very misleading. For all of the variables except 
for level of service, the standard deviation is much larger 
than the mean. For example, the mean number of machines 
per site is 1493. The standard deviation is 3360. Moreover, 
75% of the surveys reported fewer than 1182 machines. For 
this reason, I am not going to present means. I consider 
them too misleading to be valuable. 

The Art of Computer Systems Performance Analysis [1] rec¬ 
ommends using medians instead of means if the data is 
skewed. Therefore, I will present medians, quantiles and 
semi inter-quartile ranges (SIQR). The SIQR is analogous to 
the standard deviation because it measures dispersion from 
the median. Appendix A describes how to calculate these 
values. 

Results 

Table 1 shows the median, SIQR, some quantiles for the 
original variables, and some combinations. The quantiles 
provide a reasonable picture for how the data is distributed. 
This allows sites to determine how large their site is relative 
to other sites. 

PCs represent more than half of the machines at 25% of the 
sites. These results represent a wide range of sites. 5% of 
the sites have more than 8013 machines. Even the smaller 
sites are not tiny. 95% of the sites have more than 26 
machines. These sites are using a large number of operating 


1 The original survey, data, and program used for analysis is 
available from http:llnow.cs,berkeley.edu!Sysadmin!SAN895- 
Survey 


14 ;login: vol.20. no. 5 



SAGE NEWS 


Quantiles 


Variable 

Median 

SIQR 

0.05 

0.1 

0.25 

0.5 

0.75 

0.9 

0.95 

Administrators 

4 

2.5 

1 

1 

2 

4 

7 

20 

25 

FTE Administrators 

4 

3.25 

1 

1.2 

2 

4 

8.5 

20 

45 

Users 

400 

425 

25 

40 

150 

400 

1000 

4000 

6300 

FTE Users 

300 

350 

20 

20 

100 

i 300 

800 

2500 

5000 

Service 

7 

1 

4 

4 

6 

7 

8 

9 

9 

PCs 

75 

247 

0 

0 

7 

75 

500 

2000 

4000 

Macintoshes 

10 

40 

0 

0 

0 

10 

80 

600 

1000 

Terminals 

15 

35 

0 

0 

0 

15 

70 

300 

500 

Workstations 

91 

116 

1 

5 

18 

91 

250 

700 

1100 

Servers 

12 

8 

1 

2 

4 

12 

20 

70 

100 

Mainframes 

0 

1 

0 

0 

0 

0 

2 

4 

10 

OS Releases 

6 

2.5 

2 

2 

4 

6 

9 

11 

13 

Machines 

346 

535 

26 

41 

112 

346 

1182 

3484 

8013 

PCs / Machines 

0.35 

0.25 

0 

0 

0.08 

0.35 

0.57 

0.75 

0.84 

FTE Users / FTE Admin 

59 

36.9 

10 

12.5 

32.9 

59 

107 

250 

667 

Machines / FTE Admin 

70 

66.7 

10 

18 

35 

70 

168 

479 

850 

Machines / FTE User 

1.23 

0.470 

0.261 

0.544 

0.893 

1.23 

1.83 

4.27 

6.61 

Machines / User 

1.10 

0.482 

0.122 

0.263 

0.677 

1.10 

1.64 

3.05 

4.34 


Tbble 1. Medians and quantiles for the original and combined variables. This table should help readers 


determine their site’s size relative to other sites. 


systems. 50% of the sites use more than 6 operating sys¬ 
tems. 25% use more than 9 operating systems. Job Descrip¬ 
tions for System Administrators [2] says that a large site is 
one with at least 100 computers, or at least three operating 
systems, or at least 100 users. Given these definitions, the 
data shows that more than 75% of all the sites in this survey 
are large sites. This is unsurprising since large sites are 
probably more willing to send administrators to confer¬ 
ences. 

This following graph shows the percentage of sites with a 
ratio of FTE user / FTE administrator less than each x value. 
Values above the 0.9 quantile were eliminated to improve 
readability. The graph seems to have one slope up to around 
75 users / administrator, and a lower slope above 75 users / 
administrator. Some kind of automation is probably used to 
achieve the higher ratios. 



Note: 10% of the sites have a ratio larger than 250: 1 


The next graph showing the ratio of machines to FTE 
administrators also seems to have two slopes, with the 
change happening around 125 machines: administrator. 
Again, the sites with the larger ratios are probably using 
more automation. 


October 1 995 ; login: 15 



SAGE NEWS 



Machines / FTE Administrator Ratio 
Note: 10% of the sites have a ratio larger than 500: 1 

Correlations 

I calculated correlation coefficients for all of the pairs of 
input values. The correlation coefficient of two variables 
indicates the quality of a linear fit between two variables. 
Good correlations are close to ±1. Bad correlations are close 
to 0. The sign of the correlation indicates whether increas¬ 
ing one variable increases (positive) or decreases (negative) 
the other. In general, I will report correlation coefficients of 
at least 0.5. For correlations involving administrators or 
users I will report both the FTE count and the nominal 
count. 

Some of the correlations were not surprising: 

• Admin: FTE Admin = 0.93 

• Users: FTE Users - 0.73 

• FTE users: # of PCs - 0.64 

• Users: # of PCs * 0.45 

• FTE users: # of Workstations - 0.62 

• Users: # of Workstations = 0.42 

Those values indicate that the more administrators or users 
a site has, the more FTE administrators or users they are 
likely to have, and, that more users require more machines. 
The higher correlation for FTE users:machines indicates 
that sites are more likely to have machines for full time peo¬ 
ple. 

The correlations in Table 2 indicate the more fundamental 
correlation between number of administrators and number 
of machines: 

PCs Macs Workstations Servers 
Admin 043 054 0.59 

FTE Admin 0.67 0.51 0.48 0.56 

Table 2. Machine: Admin Correlation Coefficients 


The fact that the coefficients increased for both PCs and 
Macs for FTE Admins, and decreased for workstations and 
servers may indicate that Macs and PCs need full-time 
administrators rather than allowing people to perform other 
tasks in addition to administration. 

The correlation coefficient of users: OS releases is 0.49, but 
this doesn’t seem to indicate anything. Moreover, the coeffi¬ 
cient of FTE users: OS releases drops to 0.17. 

I took the various variables and combined them in many 
ways. The following composite variables led to interesting 
correlations: 

• Total number of machines 

• FTE Admins / Service - The idea was that a higher level 
of service requires more administrators. 

• Machines * OS Releases - The idea was that more oper¬ 
ating systems makes administration harder. 

I calculated correlations involving these variables, and also 
plotted the data. Given the appearance of the plots, I tried 
correlations after eliminating the largest and smallest 5% in 
any of FTE administrators, FTE users, and machines. I also 
tried correlations with the largest and smallest 25% in any 
of FTE administrators, FTE users, and machines. I discov¬ 
ered that large and small sites had very different correla¬ 
tions. Administrators tended to corollate with machines for 
large sites, but didn’t for small sites. The following 4 tables 
summarize the different correlations for administrators for 
different sections of the data. 


FTE 


Correlation 

between 

Admin 

Admin/ 

Serv. 

FIE 

Admin 

Admin 
/ Serv. 

Users 

0.24 

0.27 

0.21 

0.21 

FTE Users 

0.38 

0.39 

0.34 

0.32 

Machines 

0.64 

0.70 

0.69 

0.75 

Machines * OS 

0.65 

0.71 

0.71 

0.76 

Table 3. Initial Correlations. 161 surveys. 



Correlation 

between 

Admin 

Admin/ 

Serv. 

FTE 

Admin 

FTE 
Admin / 
Serv 

Users 

0.24 

0.18 

0.26 

0.18 

FTE Users 

0.37 

0.32 

0.34 

0.30 

Machines 

0.36 

0.29 

0.34 

0.30 

Machines * OS 

0.42 

0.36 

0.41 

0.38 


Table 4. Correlations removing the 10% outliers in any of 
FTE Users, FTE Admin, or Machines. 122 surveys 
remained. 


16 ;login : vol. 20 • no. 5 




SAGE NEWS 


Correlation 

between 

Admin 

Admin/ 

Serv. 

FTE 

Admin 

FTE 
Admin 
/ Serv. 

Users 

0.13 

0.17 

0.10 

0.11 

FTE Users 

0.23 

0.25 

0.18 

0.16 

Machines 

0.55 

0.64 

0.61 

0.70 

Machines * OS 

0.59 

0.67 

0.65 

0.72 


Table 5. Correlations using the largest 25% of sites in at least 
one of FTE Users, FTE Admin, or Machines. 

67 surveys remained. 


Correlation 

between 

Admin 

Admin/ 

Serv. 

FTE 

Admin 

FTE 
Admin 
/ Serv. 

Users 

0.31 

0.27 

0.22 

0.23 

FTE Users 

0.24 

0.19 

0.09 

0.10 

Machines 

0.17 

0.13 

-0.03 

-0.03 

Machines * OS 

0.14 

0.11 

0.01 

0.01 


Table 6. Correlations using the smallest 25% of sites in at 
least one of FTE Users, FTE Admin, or Machines. 

66 surveys remained. 

Given the very high variability of all of this data, all of these 
conclusions should be considered tentative. Correlation 
coefficient calculations include standard deviations and 
means, and hence may be biased by outliers. Regardless, 
some of the correlations in the data make intuitive sense. 

Except at the smallest 25% of sites, the correlation between 
machines and administrators was much stronger than the 
correlation between users and administrators. Increasing the 
number of machines results in more complexity, and hence 
requires more people. As sites progress toward having 2-3 
machines per user, it will be interesting to see if this correla¬ 
tion remains. 

In almost every case, multiplying the machines by the num¬ 
ber of operating systems improved the correlation. This 
indicates that extra operating systems increase the complex¬ 
ity of the system. 

Dividing by service improved the correlation in half the 
cases and made it worse in the other half. This could mean 
that the level of service is unimportant, or that the definition 
of service needs to be made more specific. 

Summary of Qualitative Questions 

This section of the survey had two questions with blanks for 
people to write-in responses. The questions were: 

• What are some of the largest problems you face in sys¬ 
tem administration? What tools could help in solving 
these problems? 


• What kind of services do you provide for your users? 

For all the answers, I categorized the problems and services, 
and then sorted them by the number of people with answers 
in each category to discover which problems and services 
were most commonly mentioned. Some answers were put 
into multiple categories because people listed multiple prob¬ 
lems or services. I provide more detail on the top three prob¬ 
lems. 

largest Problems 

• Time Management / Insufficient resources (50 people) 

- Handling email queues 

- Management support - money and staff 

- Limiting other projects - being allowed to say “no” 

• Configuration Management (35 people) 

- Updating configuration files (with both push & pull) 

- Distributing patches 

- Standardizing configurations 

- Handling locally developed and freely available soft¬ 
ware 

• Users (31 people) 

- Answering simple questions 

- Getting respect from users and mgmt. for SA’s work 

- Making users understand what is possible 

- Creating standards and getting users to read and follow 
them 

• Security (23 people) 

• Network (18 people) 

• Policy (16 people) 

• Interoperability — Non UNIX( 14 people) 

• Backups (12 people) 

• Monitoring (8 people) 

Given this list of problems, finding out how administrators 
are currently spending their time becomes even more impor¬ 
tant. People frequently mentioned wanting more support 
from management to get staff and money for tools. Users 
were commonly cited as not appreciating the job that the 
administrator is doing to keep machines running, but only 
noticing when things didn’t work. 

Services Provided 

• Troubleshooting (76 people) 

• Installation (57 people) 

- HW&SW 

• Network Services (52 people) 

- Mail, DNS, WWW, NFS, printers, Internet 

• Maintenance (35 people) 

- SW, HW, config files, tuning 

• Everything (29 people) 

• Training (23 people) 

• Security (21 people) 

• Software Development (8 people) 

• Planning (6 people) 

• PC problems (5 people) 

• Dialup (5 people) 

• Internal Applications (3 people) 


October 1 995 ; login: 


17 




SAGE NEWS 


Clearly the largest service provided is troubleshooting. This 
result matches well with Rob Kolstad’s 1992 survey [3] on 
time expenditure, which also found that most of a SA’s time 
was spent dealing with users’ problems, i.e., troubleshoot¬ 
ing. 

The result that is most amazing to me is the number of peo¬ 
ple who said they provided “all services,” or did “every¬ 
thing.” The feeling of having to provide all services is 
probably part of the reason why time management and 
insufficient resources are one of the largest problems for 
system administrators. 

These results differ from the time survey in that installation 
was listed more often than maintenance, although the time 
expenditure survey said that more time was spent in mainte¬ 
nance than installation. I believe this results from a different 
classification. I classified many things under troubleshoot¬ 
ing that were classified as part of maintenance in the time 
survey. Furthermore, some operations, such as modifying 
configuration files are both installation and maintenance 
tasks. The choice in classification depends on whether the 
task was performed when the HW/SW was initially 
received or if it was performed later. 

Conclusion and Future Work 

This survey provides more up to date information on current 
site demographics. It shows that considering the number of 
operating systems is important in determining the amount of 
work that S As have to do. It also provides a list of services 
that S As provide, to make a better measurement of such ser¬ 
vices possible. The largest problem seems to be the interac¬ 
tion between users and administrators. Many administrators 
complained that they were not allowed to say no, and so had 
to perform all tasks no matter how unreasonable. As Eliza¬ 
beth Zwicky said in her talk on “Goals of System Adminis¬ 
tration” [4], it is important for users to know some things 
are unsupported and tasks will not be handled by the admin¬ 
istrators. It seems that administrators need to talk with man¬ 
agement to establish a list of supported and unsupported 
services. The list of services provided can be a starting point 
for developing this new list. 

The high variance of the data indicates that more samples 
are needed. For this reason, I have put the survey on-line 
through http:Hnowxs.berkeley.edulSysadminlsurveys.htmL 
This will allow more people to fill out the survey, and hence 
improve the quality of the conclusions. 


References 

[1] Raj Jain, The Art of Computer Systems Performance 
Analysis. New York: John Wiley & Sons, Inc. 1991. 

[2] Tina Darmohray, ed. Job Descriptions for System 
Administrators. Published by The USENIX Association for 
SAGE, the System Administrators Guild. 

[3] Rob Kolstad, “1992 LISA Time Expenditure Survey” 
published in ;login:. 

[4] Elizabeth D. Zwicky, “Goals of System Administra¬ 
tion.” Proceedings of the 1995 System Administration, 
Networking , and Security Conference . 

Acknowledgments 

The author would like to thank Rob Kolstad, Elizabeth 
Zwicky, Eric Allman, and Dave Patterson for useful feed¬ 
back on initial versions of the survey; the people who 
helped hand out and collect the survey at the SANS confer¬ 
ence (sorry, I didn’t record all of your names); and the mem¬ 
bers of the Network of Workstations project for useful 
feedback on this article. 

Appendix A. Medians, Quantiles, and Semi 
Inter-quartile Ranges (SIQR) 

The a-quantile is the data value that is greater than or equal 
to a fraction of the data. Specifically, given a sorted list 
jc[l..n], the a quantile (x a ) is x[(l+ (n-l)*a)], where (.) 
represents rounding to the nearest integer, or down if the 
value is exactly half way between two integers. The 0.25, 
0.5, and 0.75 quantiles are called the 1st, 2nd, and 3rd quar- 
tiles. The 2nd quartile (0.5 quantile) is also called the 
median. 

The semi inter-quartile range (SIQR) measures dispersion 
from the median. The SIQR - (*o .75 - * 0 . 25 )/^ he., half the 
difference of the 3rd and 1st quartile. 


18 ;login: voi. 20 • no. 5 


SAGE NEWS 


A Secure Rsh Replacement 

by Shawn Instenes 
< shawni@celene. rain. com> 

SSH is an enhanced-security rlogin, rsh and rep replace¬ 
ment that uses strong cryptographic techniques to solve 
many security problems inherent in the original “r com¬ 
mands,” such as IP spoofing (see Listing One), TCP session 
hijacking, password sniffing, and DNS spoofing. Further¬ 
more, it solves a few security problems involved with run¬ 
ning XI1 programs remotely. It was written by Tatu Ylonen 
<ylo@cs.hut.fi> at Helsinki University of Technology. 

SSH uses multiple kinds of encryption technology to pro¬ 
vide strong privacy and trustworthy authentication. DES, 
Triple DES, or IDEA encryption can be used to encrypt data 
streams. RSA public-key cryptography is used to allow 
remote users to prove their identity; IP numbers are not used 
for this purpose by default (as they are with rsh , rep , & rlo¬ 
gin). XI1 connections are automatically forwarded through 
the encrypted link, which also means your DISPLAY vari¬ 
able is always set correctly. 

SSH uses GNU’s configure program for portability, so 
building it is very easy. RSAREF is required for RSA 
authentication, but SSH can be built without it, with a corre¬ 
sponding loss of security. 

In the SSH installation process, the file JetcJsshconfig con¬ 
tains per-host configuration options. You can configure XI1 
forwarding on or off by default, for example, if SSH wil 
honor .rhosts- style authorization. I’ve found that the 
defaults are reasonable. 

Also created at this installation time is the public/private 
RSA key pair for the host, used to help prevent IP spoofing. 
Each host can verify a SSH request by simply asking the 
remote host to sign a random challenge; if the signature 
checks, then the remote host has proven its identity. This is 
useful for providing letcihosts.equiv functionality without 
relying on correct IP numbers. 

With RSA enabled, you begin using SSH by generating a 
public key and a private key with ssh-keygen. The private 
key is stored encrypted, with the encryption key being a 
pass phrase of your choice. To allow remote users to log 
into their accounts, their public keys are added to $HOMEI 
.sshlauthorized keys, just as a line would be added to 
$HOMEI.rhosts to authorize a remote IP/usemame pair. 
When an SSH command is run, the remote machine looks in 
the authorized keys file to see if the connection is autho¬ 
rized; if so, the user proves his identity by typing his pass 
phrase (used to encrypt his private key originally). The SSH 
client program uses the private key to sign a randomly-gen¬ 


erated challenge sent to it by the server. The server verifies 
the signature, and allows access if successful. 

Typing in the pass phrase for every remote connection can 
grow tedious rather quickly, so a nice feature built into the 
SSH package is authentication forwarding, which eliminates 
this. It works by using a program called ssh-agent to hold 
the private keys, and when the SSH client needs to authenti¬ 
cate itself, it simply forwards the request to the ssh-agent 
instead of prompting for a password. If the ssh-agent doesn’t 
have the pass phrase, then the phrase is prompted for nor¬ 
mally (but the key is not added to the ssh-agent’s list, until 
ssh-add is used). There is some additional risk with using 
ssh-agent , since the private keys exist unencrypted in mem¬ 
ory. 

If SSH is installed without RSA authentication, it is still use¬ 
ful, but more limited. IP spoofing attacks are possible if 
.r/iaste-style authorization is enabled, but TCP hijacking still 
isn’t useful without the session encryption key. Reusable 
passwords are not exposed to snooping. XI1 connections 
are still forwarded and encrypted. 

I’ve had SSH installed for several weeks now, and it’s been 
wonderful to use. Most security-enhanced versions of pro¬ 
grams are more onerous than the originals; not so for SSH. 
And with SSH in place, my login connections and remote 
shells are private, strongly authenticated, and useless if 
hijacked. 

URLs to visit 

• IP spoofing reference: 
http:liwww.msen.coml~emvltubedJspoofing.html 

• SSH: http:Uwww.cs.hut.fijsshl 

• Documentation for SSH protocol: 
http:llwww.cs.hut.fiJsshJRFC 

• RSAREF2: ftp:JJftp.rsa.comirsarefiREADME - contains 
instructions on how to transfer RSAREF 2.0 (US and 
Canada access only). 


OCTOBER 1995 ;login\ 19 



SAGE NEWS 


What’s Up on the Tel 
Front? 

by John Schimmel 
<jes@sgi.com> 

I recently returned from the 1995 Tcl/Tk Workshop in Tor¬ 
onto where a few things came up that you may not have 
heard about yet. The commercialization of Tcl/Tk, the addi¬ 
tion of required functionality in the core, and the advance¬ 
ment of the available extensions all have roles to play in the 
next year of Tel development. 

The big theme this year was how to make Tel succeed in the 
world at large. The movement from a small research project 
to a self-perpetuating entity is a rough transition. In a simi¬ 
lar way to UNIX, Tel needs to find its niche without self 
destructing in the process. 

Sun Microsystems is working on pushing Tel as the univer¬ 
sal scripting language, and as such is porting Tel and Tk to 
Windows and the Macintosh. The goal is for a Tk applica¬ 
tion to run unchanged on Windows with the Microsoft look 
and feel, and on a Macintosh with the Apple look and feel, 
without seriously affecting the X windows interface that we 
have all come to know and love. 

Another piece needed to affect the Visual Basic market is a 
GUI builder, also on Sun’s plate. An early prototype of a 
builder done by Stephen Uhler at Sun was demo’d at the 
workshop and received a lot of praise. 

To really drive the commercial push, the concept of a cen¬ 
tral marketplace to deliver Tel extensions was bandied 
about. The idea is to have a Web-based storefront where 
people can acquire an extension to their favorite database, 
multimedia package, or windowing system. Several compa¬ 
nies have already been playing with the technology to offer 
such a beast, and Tel extensions appear to be a logical prod¬ 
uct for this type of store. The low cost for adding content, 
and the possible rewards of charging even a small price for 
a popular extension, should draw a large number of crackers 
into the game. 

From the technical point of reference, there were a number 
of issues found in Tel that stand in the way of its expansion. 
Of these, there were really two that stood out as needed 
changes in the core interpreter that should be added in the 
near future: dynamic library support and name-spaces. Both 
of these are available now as extensions, but in order to sell 
extensions themselves as a product it is obvious that people 
should not have to rebuild their interpreter for each one, or 
have to depend on a second hand dynamic shared library 
package. No such DSO extension stands out as a basis for 
the core changes; nearly everyone at the workshop had 
developed their own. 


Name-spaces of some form are available in each of the 
object-oriented Tel extensions in the archive. Most of these 
simply involve a naming convention, but the new [incr tel] 
extension by Michael McLennan includes patches to the 
core. The standard name-space changes may very well be 
based on these, but the core is still owned by the original 
author, John Osterhout, and he may find an alternative 
method that works better in a wider audience. 

As with all good workshops, a number of sensational appli¬ 
cations were demonstrated. Gerald Lester, from Computer¬ 
ized Processes Unlimited, still owns the largest Tel based 
application at around 300,000 lines of code, as well as the 
largest overall code base in excess of half a million lines of 
Tel. 

The Sun demo applications from Stephen Uhler, the GUI 
builder “SpecTcl” and a WWW browser called “Hippo- 
criTcl,” were both highly praised. The HTML parser, done 
with a dozen or two regular expressions embedded in his 
web browser, was very cute. 

The Pad++ drawing application and zoomable widgets by 
Benjamin Bederson at the University of New Mexico, got 
my vote as the best Tel application shown. Between his first 
demo and his last, a couple days later, he was able to add 
real-time image scaling and movie support. The concept of a 
zoomable workspace will, undoubtedly, be a hot topic 
through the next year. 

There were a number of people working on multimedia 
extensions that deserve praise. I think that the most interest¬ 
ing of these was the work on embedding Tel code in media 
streams to drive media dependent actions by Jonathon Her- 
locker and Joseph Konstan at the University of Minnesota. 
One can envision embedding commands to allow the audi¬ 
ence to manipulate the content in future products. 

Also, there was a paper about a set of network management 
extensions called “Scotty,” by J. Shonwalder and H. Lagen- 
dorfer at the Technical University of Braunschweig, that I 
wish I had known about before I wrote the last Tel article for 
;login:. If you were turned on about doing network manage¬ 
ment with Tel in last months’ column, fetch this package. It 
adds support for much more of the SNMP base as well as 
other protocols, and some nice GUIs. 

As always, if you want more information about Tel that is a 
little more up to date, read comp.lang.tcl, or check out the 
Tel web pages: http:IIwww.xxo.uklof_interestltcllTcl.html 
and http:Uwww.smli.comlresearch!tel. If you want to get Tel 
or any of the extensions mentioned in this article take a look 
ai ftp:fljtp.aud.alcatel.com/tcl. And, I strongly suggest pick¬ 
ing up the Tcl/Tk ‘95 Workshop Proceedings from the 
USENIX office. 


20 ;login: voi 20 . no 5 



SAGE NEWS 


If you want to have your say in the future direction of Tel as 
a language (see the Call for Papers on pages 53-54 of this 
issue) you should make plans to attend next year’s work¬ 
shop, and get active in the Tel society through the news- 
group. 


Opinion: Professionalism 

by Paul Evans 
<ple@usenix. org > 

I will start this article with an assertion: Professional Sys¬ 
tem Administrators have a positive obligation, as an ele¬ 
mental requirement of professional ethics, to do their work 
in a way that advances the state-of-the-art in system admin¬ 
istration (or at least doesn’t cause it to regress). The defini¬ 
tion of what constitutes state-of-the-art or best practice 
work is to be determined by the profession, and not by 
employers. 

In 1988,1 attended the LISA II Workshop in Monterey, 
when the conference was small (75-100 attendees), there 
was only one track, and all the attendees could comfortably 
fit in a single auditorium. The workshop took place the 
week after the great Internet worm of November 2,1988, 
and this was (not surprisingly) a major topic of conversa¬ 
tion. 

Billing it as a workshop, the conference organizer Alix 
Vasilatos invited the attendees to sign up to lead informal 
discussions at an evening session. One might say these were 
intended to be embryonic BOFs or WIPs. Having thought 
deeply about the issue, and feeling like I had something 
really important to say, I signed up to lead a discussion 
about ethics. In retrospect, this was probably not the best 
way to describe the constellation of issues I was really inter¬ 
ested in. 

The evening session took place after the reception, with the 
result that many of the luminaries of our profession had 
consumed a few beers and were ready for a night of great 
fun mowing down the hapless presenters. When I got up to 
say a few words that might interest the attendees in joining 
my discussion, things quickly degenerated; the luminaries 
made it clear that they were not interested in hearing 
another discussion about the reading of users’ email, which 
is apparently what they thought a discussion of professional 
ethics entailed. The only two people who did want to talk to 
me were also interested mainly in this issue. 

I thought then, and I think now, that this is a fundamentally 
uninteresting issue. You make a policy, get it approved by 
the appropriate (i.e., highest) level of your organization’s 
management, and then publicize the hell out of it. Then 
everyone, system administrators and users, knows that 


email either is, or is not, subject to being read, and can pro¬ 
ceed accordingly. 

The issue I really wanted to raise was: Who sets the stan¬ 
dards for the quality of professional work? The profession 
or the employer? At the time, my manager and I were wres¬ 
tling with his managers, whose attitudes could only be 
described as militantly retrograde. The management was 
filled to an unfathomable depth with bitterness and resent¬ 
ment toward their customer base (whom one might think 
would be the ultimate arbiter of such issues) for their failure 
to continue buying the company’s mainstay product, which 
was based on the Intel 8080 processor. They were really dig¬ 
ging in their heels about doing product development on 
UNIX platforms, and their reasons were telling indeed: 
“UNIX is a false standard of technical excellence being 
shoved down our throats by the universities,” said the VP of 
Engineering. I was so stunned by this pronouncement that I 
remember it, word for word, almost a decade later. Never¬ 
theless, for all its wrong-headedness, it’s a statement with a 
lot of insight: UNIX did (and does) represent a standard of 
technical excellence, and specifically, a standard of excel¬ 
lence not under the control of the employer. 

This gets to the core of what it means to be a professional 
engineer, an issue that first arose in this country in the early 
nineteenth century during the great age of road, bridge and 
canal building. There is a fundamental conflict between the 
entrepreneur who finances the building of a bridge, and the 
civil engineer who designs and builds it. The entrepreneur 
wants to build the lowest-cost, highest-profit bridge possi¬ 
ble. The engineer wants to build the safest and “best” bridge 
possible, “best” usually meaning that its design and con¬ 
struction advance the technical state-of-the-art, or at least 
meet agreed upon standards of best current practice. In the 
early nineteenth century, the conflict was complicated by the 
fact the entrepreneur and the engineer were frequently the 
same person. Furthermore, the entrepreneur does not want 
the bridge to fall down - that would be bad for business. 
Similarly, the engineer knows that saving money is not 
always bad; indeed, conducting a building project in an eco¬ 
nomical way is part of good engineering. 

In the end, society solves this difficult set of problems by 
professionalizing those activities that, when done badly, are 
most likely to cause serious social harm: medicine, law, 
engineering. The running of large networks of computers, 
which is the responsibility of the professional system 
administrator, seems to me to meet the test that when it is 
done badly, it is likely to cause great social harm. And the 
standard to which society holds the professional is always 
the same, whether stated or not; that is, to work (at mini¬ 
mum) to the standard of best current practice as defined by 
the profession, not the employer. 


October 1995 ; login: 21 


SAGE NEWS 


I believe that real professionalization, in the legal sense, is 
coming for system administration, and that we ought to 
have a code of ethics that reflects that fact. The places where 
that code of ethics should start are with the obligation of the 
professional to work to the standards of best practice set by 
the profession, and with the obligation of the profession to 
take responsibility for setting those standards. 

Call for Nominees for 
Election to SAGE Board 
of Directors 

by Pat Wilson 
<paw@usenix.org> 

SAGE is accepting nominations for 4 new members of its 
Board of Directors until October 9, at noon, PST. Anyone 
interested in running for the SAGE board should send his or 
her name and telephone number and a brief statement to the 
nominating committee via email: sage-nomcom@usenix.org. 

You can also send U.S. Mail to the SAGE Nominating Com¬ 
mittee care of: 

USENIX Association 
2560 Ninth Street, Suite 215 
Berkeley, CA 94710 

The nominating committee will gather the candidates’ 
names and contact each of them before the election takes 
place. 

In this election, directors will be chosen for 2 year terms 
(beginning January 1,1996) and will join returning Board 
members Kim Trudel, Bryan McDonald, and Hal Miller 
(elected last year to two year terms which began Jan 1, 
1995). The SAGE Board chooses its own officers after each 
general election (every year). All candidates will be 
expected to respond for publication to a set of questions pre¬ 
sented by the Nominating Committee. There will be an on¬ 
line forum (most likely an archived mailing list) to enable 
SAGE members to pose questions to the nominees. 


The new board will take office in January, 1996, and will 
hold their first meeting at the USENIX Technical Conference 
in San Diego, California. Current estimates indicate that the 
new board will have at least 2 face-to-face meetings a year, 
one each at LISA and at the USENIX technical conferences, 
and other meetings via teleconference. 

If you have questions about the nominating process, or 
what Board membership entails, please send mail to 
sage-nomcom@usenix.org or contact a current member of 
the SAGE Board. 

Community News: A 
New Form of Professional 
Recognition 

by Paul Evans 
<ple@Synopsys. COM > 

I’ve always been very interested in the space program, and 
so I was in line at my local movie theater on Friday night, 
June 30th, when Ron Howard’s “Apollo 13” opened. With 
me were my wife and some of my co-workers, including fel¬ 
low SAGE co-founders Arnold and Laura de Leon. We 
enjoyed the movie, and lingered in the theater for a few min¬ 
utes to check out the credits. We got a pleasant surprise 
when a credit rolled by for: 

Sr. System Administrator Shoshana Abrass 

This is the first time that we’ve seen a movie credit for a sys¬ 
tem adminis trator, and it happens that we know Shoshana - 
before moving to the Los Angeles area a few years ago, she 
was a co-founder of both BayLJSA and SAGE. So we’d all 
like to congratulate Shoshana on receiving this new and 
unique form of professional recognition! 


22 ;login: voi. 20 


NO. 5 



FEATURE 


A Practical Guide to 
Internationalization, Part 2: 

Using National Characters in Hardware and 
Applications 

by Michael Gschwind 

<mike@vlsivie.tuwien.ac.at> 

<http:llwwwylsivie.tuwienMCMtimikelmike.html> 

TCP and ISO 8859-1 

TCP was specified by US-Americans, for US-Americans. TCP still carries this 
heritage: while the TCP/IP protocol itself is 8-bit clean, no effort was made to 
support the transfer of non-English characters in many application level proto¬ 
cols (mail, news, etc.). Some of these protocols still only specify the transfer of 
7-bit data, leaving anything else implementation-dependent. 

Since the TCP/IP protocol itself transfers 8-bit data correctly, writing applica¬ 
tions based on TCP/IP does not lead to any loss of encoding information. 

FTP and ISO 8859-1 

Transmitting data via FTP is an interesting issue, depending on what system 
you use, how the relevant RFCs are interpreted, and what is actually imple¬ 
mented. 

If you transfer data between two hosts using the same ISO 8859-1 representa¬ 
tion (such as two UNIX hosts), the safest solution is to specify ‘binary* trans¬ 
mission mode. 

Note, however, that use of the binary mode for text files will disable translation 
between the line-ending conventions of different operating systems. You might 
have to provide some filter to convert between the LF-only convention of 
UNIX and the CR-LF convention of VMS and MS Windows when you copy 
from one of these systems to another. 

If the FTP server and client computers use different encoding, there are two 
possible approaches: 

• Transfer all data as binary data, then convert the format using a conversion 
tools such as recode to translate the transferred data. 

• Specify an ASCII connection, and have your FTP server and client convert 
the encoding automatically. 

While the first approach always works, it is somewhat cumbersome if you 
transmit a lot of data. The second transfer solution is much more comfortable, 
but it depends on your client (and server) to take care of the appropriate charac¬ 
ter translations. Since there is no universal standard for network characters 
beyond ASCII (NVT-ASCII as specified in RFC 854), this depends on the attitude 
of your software vendor. 

Most Apple Macintosh network software is configured to treat all network data 
as having ISO 8859-1 encoding and automatically translates from and to the 
internal MacOS data representation. 


Glossary: 


i 18n 

I<— 18 letters ~>n - 
Internationalization 

el3n 

Europeanization 

llOn 

Localization 

ANSI 

American National Standards 
Institute, the US member of 
ISO 

ASCII 

American Standard Code of 
Information Interchange 

CP 

Code Page 

CP850 

Code Page 850, the most 
widely used MS DOS 1 
code page 

CTAN 

Server 

A TeX archive server 

EBCDIC 

A proprietary IBM character 
set used on mainframes 

ECMA 

European Computer 
Manufacturer’s Association 

ESMTP 

Enhanced SMTP 

IEEE 

Institute of Electrical and 
Electronics Engineers 

INRIA 

Institut National de 

Recherche en Informatique 
et Automation 

ISO 

International Standards Orga¬ 
nization 

MCS 

DEC’S Multilingual 

Character Set 

MIME 

Multi-Purpose Internet 

Mail Extension 

MTA 

Mail transfer agent (a.k.a. 
mail daemon) 

MUA 

Mail user agent 

SMTP 

Simple Mail Transfer 

Protocol 

URL 

A WWW Uniform 

Resource Locator 

US-ASCII 

The US national variant of 
ISO 646, see ASCII 


October 1995 ;login: 23 


FEATURE 


MS-DOS programs are much less well-behaved, and you 
have to discover for yourself whether your particular FTP 
program performs conversion. 

An additional issue with the automatic translation is how to 
translate unavailable characters. If FTP is used to store and 
retrieve data, the original file should be re-constructible 
after conversion. If data is to be printed or processed, differ¬ 
ent encodings (e.g., graphic approximation of characters) 
may be necessary. (See the section on character set transla¬ 
tion for a full discussion of encoding transformations.) 

A second, optional parameter is possible for ‘type ascii’ 
commands, which specifies whether the data is for non¬ 
printing or printing purposes. Ideally, FTP servers for non- 
8859-1 servers would use this parameter to determine 
whether to use an invertible encoding or graphical and/or 
logical approximation during translation. (Although RFC 
959, section 3.1.1.5 does not require this.) 

Electronic Mail and ISO 8859-1 

Most Internet email standards come from a time when the 
Internet was a mostly-US phenomenon. Other countries did 
have access to the net, but much of the communication was 
in English nevertheless. With the propagation of the Inter¬ 
net, these standards have become a problem for languages 
which cannot be represented in a 7-bit ISO 646 character 
set. 

Using ISO 646, which uses a slightly different character set 
for each language, also poses a problem when crossing a 
language barrier, as the interpretation of characters will 
change. As a result, most countries use the US-variety of the 
ISO 646 standard (commonly referred to as US-ASCII) and 
will use escape sequences such as e (e) or “a (a) to refer to 
national characters. The exception to this rule are Nordic 
countries (more so in Sweden and Finland, less so in Den¬ 
mark and Norway), where the national ISO 646 variant has 
garnered a formidable following and is a common reference 
point for all Nordic users. 

As this situation is clearly unsatisfactory, several methods 
of sending mails encoded in national character sets have 
been developed. We start with a discussion of the mail 
delivery infrastructure and will then look at some high-level 
protocols which can protect mail users and their messages 
from the shortcomings of the underlying mail protocols. 

Many other proprietary email standards exist for proprietary 
systems. If you use one of these mail systems, it is the 
responsibility of the mail gateway to translate your mes¬ 
sages to an appropriate Internet mail message when you 
send a message to the Internet. 


Mail Transfer Agents and the Internet Mail 
Infrastructure 

The original sendmail protocol specification (SMTP) in RFC 
821 specified the transfer of only 7-bit messages. Many 
sendmail implementations have been made 8—bit transpar¬ 
ent (see RFC 1428), but some SMTP handling agents are still 
strictly conforming to the (somewhat outdated) RFC 821 
and intentionally cut off the 8th bit. This behavior stymies 
all efforts to transfer messages containing national charac¬ 
ters. Thus, only if all SMTP agents between mail originator 
and mail recipient are 8-bit clean, will messages be trans¬ 
ferred correctly. Otherwise, accented characters are mapped 
to some ASCII character (e.g., a (Umlaut a) -> ‘d’), but the 
rest of the message is still transferred correctly. 

A new, enhanced (and compatible) SMTP standard, ESMTP, 
has been released as RFC 1425. This standard defines and 
standardizes 8-bit extensions. This should be the mail pro¬ 
tocol of choice for newly shipped versions of sendmail. 

Much of the European and Latin American network infra¬ 
structure supports the transfer of 8-bit mail messages, the 
success rate is somewhat lower for the US. 

DEC Ultrix sendmail still implements the somewhat out¬ 
dated RFC 821 to the letter, and thus cuts off the eighth bit 
of all mail passing through it. Thus ISO encoded mail will 
always lose the accent marks when transferred through a 
DEC host. 

If your computer is running DEC Ultrix and you want it to 
handle 8-bit characters properly, you can get the source for 
a more recent version of sendmail via ftp. Or you can sim¬ 
ply call DEC, complain that their standard mail system can¬ 
not handle international 8-bit mail, encourage them to 
implement 8-bit transparent SMTP, or (even better) ESMTP, 
and ask for the sendmail patch which makes their current 
sendmail 8-bit transparent. (Reportedly, such a patch is 
available from DEC for those who ask.) In the meantime, an 
8-bit transparent sendmail MIPS binary for Ultrix is avail¬ 
able as URL ftp:/1 ftp.vlsivie.tuwien.ac.atlpub/ 8bitl 
mips.sendmail.8bit. 

If you want to change MTAs, the popular smail PD-MTA is 
also 8-bit clean. 

High-level Protocols 

In the Good Old Days, messages were 7-bit US-ASCII only. 
When users wanted to transfer 8-bit data (binaries or com¬ 
pressed files, for example), it was their responsibility to 
translate them to a 7-bit form which could be sent. At the 
other end, the recipient had to unpack the data using the 


24 ;login : vol. 20 • no. 5 



FEATURE 


same protocol. The commonly used encoding mechanism 
used for this purpose is uuencode/uudecode. 

Today, a standard, MIME (MIME stands for Multi-purpose 
Internet Mail Extensions), exists which automatically packs 
and unpacks data as is required. This standard can take 
advantage of different underlying protocol capabilities and 
automatically transform messages to guarantee delivery. 
This standard can also be used to include multimedia data 
types in your mail messages. 

The MIME standard defines a mail transfer protocol which 
can handle different character sets and multimedia mail, 
independent of the network infrastructure. This protocol 
should eventually solve problems with 7-bit mailers etc. 
Unfortunately, no mail transfer agents 1 (mail routers) and 
few end-user mail readers support this standard. Source for 
supporting MIME (the “metamail” package) in various mail 
readers is available in URL ftp:HthumpeKbellcore.com/publ 
nsb . MIME is specified in RFC 1521 and RFC 1522 which 
are available from ftp.uu.net . There is also a MIME FAQ 
which is available as URL ftp:ilftp.ics.uci.edu/mhlcontribl 
multimedia/mime-faq.txt.gz. (This file is in compressed for¬ 
mat. You will need the GNU gunzip program to decompress 
this file.) 

News and ISO 8859-1 

Much as mail, the Usenet news protocol specification is 
7-bit based, but a significant part of the infrastructure has 
recently been upgraded to 8-bit service. Thus, accented 
characters are transferred correctly throughout much of 
Europe and Latin America, but accents sometimes get lost 
in networks which run old news software (BNews). 

ISO 8859-1 is the standard for typing accented characters in 
most newsgroups (may be different for MS-DOS centered 
newsgroups ;-), and is preferred in most European news 
group hierarchies, such as at.* or de.* 

For those who speak French, there is an excellent FAQ on 
using ISO 8859-1 coded characters on Usenet by Francis 
Yergeau. This FAQ is regularly posted in soc.culture.french 
and other relevant newsgroups. 

WWW (and Other Information Servers) 

The WWW protocol can transfer 8-bit data without any 
problems and you can advertise ISO-8859-1 encoded data 
from your client. The display of data is dependent upon the 
user client. Xmosaic (freely available from the NCSA) 


1 Newer versions of sendmail support ESMTP negotiation and 
can pass 8-bit data. However, they do not (yet?) support 
downgrading of 8-bit MIME messages. 


which is available for most UNIX platforms uses an ISO- 
8859-1 compliant font by default and will display data cor¬ 
rectly. 

rlogin 

For rlogin to pass 8-bit data correctly, invoke it with 
rlogin -8 or rlogin -L. 

Terminals 

XI1 Terminal Emulators 

* xterm 

If you are using XI1 and xterm as your terminal emula¬ 
tor, you should place the following line in -/.Xdefaults 
(this seems to be required in only some releases of Xll): 
XTerm*EightBitInput: True 

* rxvt 

rxvt is another terminal emulator used for Xll, mostly 
under Linux. Invoke rxvt with the rxvt - 8 command 
line. 

VT2xx, VT3xx 

The character encoding used in VT2xx terminals is a prelim¬ 
inary version of the ISO-8859-1 standard (DEC MCS), 
so some characters (the more obscure ones) differ slightly. 
However, these terminals can be used with ISO 8859-1 char¬ 
acters without problems. 

The newer VT3xx terminals use the official ISO 8859-1 
standard. 

The international versions of the VT[23]xx terminals have a 
COMPOSE key which can be used to enter accented char¬ 
acters, e.g., <COMPOSExe><‘> will give an e with accent 
aigu {€). 

Various UNIX Terminals 

Some terminals support down-loadable fonts. If characters 
sent to these terminals can be 8-bit wide, you can down¬ 
load your own ISO characters set. To see how this can be 
achieved, take a look at the URL ftp://nicofunet.fiJpub! 
culture/russianf comp/cyril-term. 

MS-DOS PCs 

MS-DOS PCs normally use a different encoding for 
accented characters, so there are two options: 

* You can use a terminal emulator which will translate 
between the different encodings. If you use the PRO- 
COMM PLUS, TELEMATE and TELIX modem pro- 


OCTOBER 1995 ;logitl\ 25 


FEATURE 


grams, you can down-load the translation tables from 
URL ftp://oak.oakland.edu/pub/msdos/modem/xlate.zip. 

• You can reconfigure your MS-DOS PC to use an ISO- 
8859-1 code page. Either install IBM code page 819, or 
you can get the free ISO 8859-X support files from URL 
ftp://ftp.uni-erlangen.de/pub/doc/ISO/charsets. The 
README file contains an index of the files you need. 

TeXand ISO 8859-1 

If you want to write TeX without having to type (\”a}-style 
escape sequences, you can either get a TeX versions config¬ 
ured to read 8-bit ISO characters, or you can translate 
between ISO and TeX codings. 

The latter is arduous if done by hand, but can be automated 
if you use emacs. If you use Emacs 19.23 or higher, 2 simply 
add the following line to your .emacs startup file. This mode 
will perform the necessary translations 
for you automatically: 

(require 'iso-cvt) 

If you want to configure TeX to read 8-bit characters, check 
out the configuration files available in URL ftp:// 
ftp. vlsivie. tuwien.ac.atlpubl8bit. 

In LaTeX 2.09 (or earlier), use the isolatin or isolatinl styles 
to include support for ISO latinl characters. Use the follow¬ 
ing documentstyle definition: 

\documentstyle[isolatin][article] 

isolatin. sty and isolatinl are available from all 
CTAN servers and from URL ftp://ftp.vlsivie.tuwien.ac.atl 
pub/8bit. (The isolatinl version on vlsivie is more complete 
than the one on CTAN servers.) 

There are several possibilities LaTeX 2e to provide compre¬ 
hensive support for 8-bit characters: 

The preferred method is to use the inputenc package with 
the latinl option. (This should be the first package to be 
included in the document. Use the following package invo¬ 
cation to achieve this: 

\usepackage[latinl][inputenc] 

You can also get the latex-mode to handle opening and clos¬ 
ing quotes correctly for your language. This can be achieved 


2 (If you are using pre-19.23 versions of emacs, get the “gm- 
lingo.el” lisp file via URL ftp://ftp.vlsivie.tuwien.ac.at/pub/ 
8bit. Load gm-lingo from your .emacs startup file and this 
mode will perform the necessary translations for you 
automatically.) 


by defining the emacs variables ‘tex-open-quote’ and ‘tex- 
closing-quote’. You can either set these variables in your 
-/.emacs startup file or as a buffer-local variable in your TeX 
file if you want to define quotes on a per-file basis. 

For German quotes, use: 

(setq tex-open-quote "V'") 

(setq tex-closing-quote "'V) 

If you want to use French quotes (guillemets), use: 

(setq tex-open-quote "«") 

(setq tex-closing-quote "»") 

ISO 8859-1 and emacs 

Emacs 19 (as opposed to emacs 18) can automatically handle 
8-bit characters. (If you have a choice, upgrade to emacs 
version 19.23, which has the most complete ISO support.) 
Emacs 19 has extensive support for ISO 8859-1. If your dis¬ 
play supports ISO 8859-1 encoded characters, add the fol¬ 
lowing line to your .emacs startup file: 

(standard-display-european t) 

If you want to display ISO-8859-1 encoded files by using 
TeX-like escape sequences (e.g. if your terminal supports 
only ASCII characters), you should add the following line to 
your .emacs file {Don't do this if your terminal supports ISO- 
8859-1 or some other encoding of national characters!)’. 

(require 'iso-ascii) 

If your terminal supports a non-ISO 8859-1 encoding of 
national characters (e.g., 7-bit national variant ISO 646 char¬ 
acter sets, a.k.a. “national ASCII” variants), you should con¬ 
figure your own display table. The standard emacs 
distribution contains a configuration (iso-swed. el) for ter¬ 
minals which have ASCII in the GO set and a Swedish/Finn¬ 
ish version of ISO 646 in the G1 set. If you want to create 
your own display table configuration, take a look at this sam¬ 
ple configuration and at disp- table. el for available sup¬ 
port functions. 

Emacs can also accept 8-bit ISO 8859-1 characters as input. 
These character codes might either come from a national 
keyboard (and driver) which generates ISO-compliant codes, 
or may have been entered by use of a COMPOSE-character 
mechanism. If you use such an input format, execute the fol¬ 
lowing expression in your .emacs startup file to enable 
Emacs to understand them: 

(set-input-mode (car (current-input-mode)) 

(nth 1 (current-input-mode)) 

0 ) 

In order to configure emacs to handle commands operating 
on words properly (such as ‘Beginning of word, etc.), you 


26 ;login: vol . 20 . no . 5 


FEATURE 


should also add the following line to your .emacs startup 
file: 

(require 'iso-syntax) 

For further information on using ISO 8859-1 with emacs, 
also see the emacs manual section on “European Display” 
(available as hypertext document by typing c - h i in emacs 
or as a printed version). 

Typing ISO 8859-1 Characters with US- 
style keyboards 

Many computer users use US-ASCII keyboards, which do 
not have keys for national characters. You can use escape 
sequences to enter these characters. For ASCII terminals (or 
PCs), check the documentation of your terminal for particu¬ 
lars. 

US-keyboards Under XI1 

Under X windows, the COMPOSE multi-language support 
key can be used to enter accented characters. Thus, when 
running XI1 on a SunOS-based computer (or any other 
XI1R4 or XI1R5 server supporting COMPOSE characters), 
you can type three character sequences such as 

COMPOSE “ a -> a 
COMPOSE s s -> 6 
COMPOSE v e -> e 
COMPOSE - n -> n 
to type accented characters. 

Note that this COMPOSE capability has been removed as of 
X11R6, because it does not adequately support all the lan¬ 
guages in the world. Instead, compose processing is sup¬ 
posed to be performed in the client using an ‘input method,* 
a mechanism which has been available since XI1R5. (In the 
short term, this is a step backward for European users, as 
few clients support this type of processing at the moment. It 
is unfortunate that the X Consortium did not implement a 
mechanism which allows for a smoother transition. Even 
the xterm terminal emulator supplied by the X Consortium 
itself does not yet support this mechanism!) 

Input methods are controlled by the locale environment 
variables (LANG and LC_xxx). The values for these vari¬ 
ables are equivalent (or at least, should be made equivalent 
by any sane vendor) to those expected by the ANSI/POSIX 
locale library. For a list of possible settings, see the section 
on locales. 

US-keyboards and emacs 

• Using the ALT key for composing national characters 

There are several modes to enter Umlaut characters 
under emacs when using a US-style keyboard. One such 


mode is iso-transl, which is distributed with the standard 
emacs distribution. This mode uses the ALT key for 
entering diacritical marks (accents et al.). To activate iso- 
transl mode, add the following line to your .emacs setup 
file: 

(require 'iso-transl) 

As of emacs 19.29, ALT sequences optimized for a par¬ 
ticular language are available. Use the following call in 
.emacs to select your favorite keybindings: 

(iso-transl-set-language "German") 

For pre-19.29 versions, similar functionality is available 
as extended iso-transl mode (iso-transl+) which allows 
the definition of language specific short cuts is available 
as URL ftp:UftpMsivie.tuwien.ac.atlpubl8bitliso- 
transl+.shar. This file also includes sample configura¬ 
tions for the German and Spanish languages. 

• Electric Accents 

An alternative to using ALT sequences for entering dia¬ 
critical marks is the use of ‘electric accents,’ such as 
used on old typewriters or under many MS Windows pro¬ 
grams. With this method, typing an accent character will 
place this accent on the next character entered. One 
mode which supports this entry method is the iso-acc 
minor mode which comes with the standard emacs distri¬ 
bution. Just add 

(require 'iso-acc) 

to your emacs startup script, and you can turn the “~/ A ” 
keys into electric accents by typing m-x iso-accents - 
mode in a specific buffer. To type the 9 (c with cedilla) 
and B (German scharfes s) characters, type -c and s, 
respectively. 

Note: When starting up under XI1, emacs looks for a 
Meta key and if it finds no Meta key, it will use the alt 
key instead. The way to solve this problem, is to define a 
Meta key using the xmodmap utility which comes with 
Xll. 

Spell Checking 

Ispell 3.1 has by far the best understanding of non-English 
languages and can be configured to handle 8-bit characters 
(thus, it can handle ISO-8859-1 encoded files). 

Ispell 3.1 now comes with hash tables for several languages 
(English, German, French, etc.). It is available via URL 
ftp:lIftp.cs.ucla.eduipub . Ispell also contains a list of inter- 


OCTOBER1995 ; login: 27 


FEATURE 


national dictionaries and their availability in the file ispell/ 
languages/Where. 

To choose a dictionary for ispell, use the ‘-d <dictionary>’ 
option. The ‘-T <input-encoding>’ option should be set to 
‘-T latinl ’ if you want to use ISO 8859-1 as input encoding. 

If you use ispell inside emacs (using the ispell.el mode) to 
spell check a buffer, you can choose language and input 
encoding by either using the M-x ispell-change-dictionary 
function, or by choosing the “Spell” item in the “Edit” pull¬ 
down menu. This will present you with a choice of dictio¬ 
naries (cum input encodings): all languages are listed twice, 
such as in “Deutsch” and “Deutsch8”. “Deutsch8” is the set¬ 
ting which will use the German dictionary and the 8-bit ISO 
8859-1 input encoding. 

Alternatively, ispell.el lets you specify the dictionary to use 
for a particular file at the end of that file by adding a line 
such as: 

Local IspellDict: castellano8 

The following sites also have dictionaries for ispell avail¬ 
able via anonymous FTP: 

language URL 

French ftp:// Ipublispell 

ireq-robot. hydro, qc. ca 

ftp://ftp.inria.fr tINRIA/Projects/algo/INDEX/ 

iepelle 

ftp://ftp.inria.fr /gnu/ispell3.0-french.tar.gz 

German ftp:// /pub/8bit/diets/deutsch.tar.gz 

ftp.vlsivie.tuwien.ac.at 

Spanish ftp://ftp.eunet.es /publunix! text/TeX/ Spanish/ 

ispell 

Some spell checkers use strange encodings for accented 
characters. If you have to use one of these spell checkers, 
you may have to run recode before invoking the spell 
checker to generate a file using your spell checker’s coding 
conventions. After running the spell checker, you have to 
translate the file back to ISO with recode. 

Of course, this can be automated with a shell script: 

recode <options to generate spell checker encoding 
from ISO> $i tmp_file 
spell_check tmp_file 

recode <options to generate ISO from spell checker 
encoding> tmp.file $i 

Note: Ispell 4.* is not a superset of ispell 3.*. Ispell 4.* was 
developed independently from a common ancestor, and 


does not support any internationalization, but is restricted to 
the English language. 

Some Applications and ISO 8859-1 

bash 

You need version 1.13 or higher and set the locale correctly. 
Also, to configure the ‘readline’ input function of bash to 
handle 8-bit characters correctly, you have to set some envi¬ 
ronment variables in the readline startup file . inputre: 

set meta-flag On 
set convert-meta Off 
set output-meta On 

Before bash version 1.13, bash used the eighth bit of charac¬ 
ters to mark whether or not they were quoted when perform¬ 
ing word expansions. While this was not a problem in a 7- 
bit US-ASCII environment, this was a major restriction for 
users working in a non-English environment. 

These readline variables have the following meaning (and 
default values): 

meta-flag (Off) 

If set to On, readline will enable eight-bit input (that 
is, it will not strip the high bit from the characters it 
reads), regardless of what the terminal claims it can 
support. 

convert-meta (On) 

If set to On, readline will convert characters with the 
eighth bit set to an ASCII key sequence by stripping 
the eighth bit and prepending an escape character (in 
effect, using escape as the meta prefix). 

output-meta (Off) 

If set to On, readline will display characters with the 
eighth bit set directly rather than as a meta-prefixed 
escape sequence. 

Bash is available from ftp://prep.aLmit.edu /pub/gnu. 

elm 

Elm automatically supports the handling of national charac¬ 
ter sets, provided the environment locale is configured cor¬ 
rectly. If you configure elm without MIME support, you can 
receive, display, enter and send 8—bit ISO 8859-1 messages 
(if your environment supports this character set). 

When you compile elm with MIME support, you have two 
options: 


28 ;logitv. vol. 20 . no. 5 


FEATURE 


• You can compile elm to use 8-bit ISO-8859-1 as trans¬ 
port encoding: If you use this encoding even people 
without MIME compliant mailers will be able to read 
your mail messages, if they use the same character set. 
The eight bit may, however, be cut off by 7-bit MTAs 
(mail transfer agents), and mutilated mail might be 
received by the recipient, regardless of whether she uses 
MIME or not. (This problem should be eased when 8-bit 
mailers are upgraded to understand how to translate 8-bit 
mails to 7-bit encodings when they encounter a 7-bit 
mailer.) 

• You can compile elm to use 7-bit US-ASCII “quoted 
printable” as transport encoding: this encoding ensures 
that you can transfer your mail containing national char¬ 
acters without having to worry about 7-r-bit MTAs. A 
MIME compliant mail reader at the other end will trans¬ 
late your message back to your national character set. 
Recipients without MIME compliant mail readers will, 
however, see mutilated messages: national characters 
will have been replaced by sequences of the type 4 =FF' 
(with FF being the ISO code (in hexadecimal) of the 
national character being encoded). 

GNUS 

GNUS is a newsreader based on emacs. It is 8-bit transpar¬ 
ent and contains all national character support available in 
emacs 19. 

less 

Set the LESSCHARSET environment variable with 

setenv LESSCHARSET latinl 

metamail 

To configure the metamail package for ISO 8859-1 input/ 
output, set the mm_charset environment variable with 
setenv MM_CHARSET ISO-8859-1. Also, set the 
MM_AUXCHARSETS Variable with setenv MM_AUXCHARSETS 
iso-8859-1. 

nn 

Add the line 

set data-bits 8 

to your ~/.nn/init (or the global configuration file) in order 
for nn to be able to process 8-bit characters. 

nroff 

The GNU replacement for nroff, groff, has an option to gen¬ 
erate ISO 8859-1 coded output, instead of plain ASCII. Thus, 
you can preview nroff documents with correctly displayed 


accented characters. Invoke groff with the groff -Tiatini 
option to achieve this. 

Groff is free software. It is available from URLftp.ii 
prep.ai.mit.edu!pub! gnu and many other GNU archives around 
the world. 

pgp 

PGP (Phil Zimmermann’s Pretty Good Privacy) uses Latinl as 
canonical form to transmit crypted data. Your host computer's 
local character set should be configured in the configuration 
file ${PGPPATH}/config.txt by setting the CHARSET parame¬ 
ter. If you are using ISO 8859-1 as your native character set, 
CHARSET should be set to LATIN 1, on MS-DOS computers 
with code page 850, set charset = cp850. This will make PGP 
automatically translate all crypted texts from/to the LATIN1 
canonical form. A setting of CHARSET - NOCONV can be used 
to inhibit all translations. 

sendmail 

BSD sendmail version 8 has a flag in the configuration file- 
which determines whether to pass any 8-bit data it encounters, 
presumably to match the behavior of other 8-bit transparent 
MTAs and to meet the wants of non-ASCII users, or to strip to 
7-bits to conform to SMTP. The source code for an 8-bit clean 
sendmail is available in URL ftp.ilftp.cs.berkeley.edulucblsend- 
mail . 

tcsh 

You need version 6.04 or higher, and your locale has to be set 
properly. Tcsh also needs to be compiled with the national lan¬ 
guage support feature, see the config.h file in the tcsh source 
directory. Tcsh is an extended csh and is available in URLftp.ii 
tesla.ee.cornell.edulpubftcsh . 

vi 

Support for 8-bit character sets depends on the OS. It works 
under SunOS 4.1.*, but on OSF/1 vi gets confused about the 
current cursor position in the presence of 8-bit characters. 

What We Mean by Trust 

by Jon Finke 
<finkej@rpi.edu> 

This paper was written as part of a site-wide security audit cur¬ 
rently in process. 

When discussing systems, network layouts, or security con¬ 
cerns, we often use the word “trust.” Unfortunately, this has led 


OCTOBER 1995 jlogin: 29 



FEATURE 


to some confusion, since, as in this context, we are not using 
the word “trust” in the conventional sense. 

Trusting People 

When I say that I trust Dave, it not only means that I trust 
him in the conventional sense of trust, but that when the 
UNIX account daveh signs on to a machine, I have a 
VERY HIGH expectation that it is in fact Dave at the key¬ 
board. This means that not only that he has not given his 
password to someone else, but that his office door is locked 
when he is not there, that no one has ever sniffed his pass¬ 
word from the net, that his X sessions have not been tapped 
via the Xkeys program, his workstation has not been hacked 
and a trojan horse installed, and a whole range of other 
exposures that might enable someone else to pretend that 
they are Dave and use his UNIX account. 

Many of these weaknesses may be outside of Dave’s con¬ 
trol. There may be hacked machines on his ethemet that 
have watched him sign on and grabbed his password. He 
may have been traveling and signed on via some service 
provider who has been hacked. (This is a serious problem.) 
He may have signed on at a public X station (using xhost 
access control) and had his keystrokes picked off by some 
person on the same machine, or simply had someone shoul¬ 
der-surf his password as he typed it in. 

In determining the level of trust, we are not looking at the 
particular person, but rather we are looking at all the differ¬ 
ent ways that someone else could obtain credentials to 
impersonate the first person. 

Trusting Hosts 

How do you trust a machine? When we say we trust a host, 
that is a measure of our confidence that we still control that 
machine, and no cracker has taken control of it, installed 
back doors, sniffers, trojan horses, etc. 

While some attacks come via the network, many of the 
attacks require that the cracker first be signed on the 
machine as a conventional user. From here, they find holes 
in the system that let them obtain additional access, and 
eventually partial or total control of the machine. From 
here, they can then use this machine to launch attacks on 
other machines. 

While there are things we can do to close these holes, and 
we must do what we can, this will be an ongoing task, as 
every OS upgrade, vendor change, etc., may introduce a 
new hole. In addition, operational requirements may force 
us to tolerate holes in vendor software that we do not have 
the ability to close ourselves. In these cases, we need to iso¬ 


late these systems behind suitable firewalls to protect the 
rest of the systems and limit damage. 

Given that a cracker only has to be able to break in once, the 
security of a machine is in part determined by the least- 
trusted user on the machine, and by trust, we are referring to 
the previous section. Conversely, anyone who signs on to 
one of these untrusted machines cannot be trusted. 

Trusted Networks 

We also need to be able to trust a network. As with hosts, 
this is a measure of our confidence that no one is sniffing 
packets, or spoofing IP addresses. Although we can reduce 
sniffing attacks via correctly configured smart hubs, and 
reduce spoofing attacks via filters at the gateways, if a 
cracker can break a machine on a particular subnet, they 
may still be able to launch some attacks despite the safe¬ 
guards. 

Another approach to reducing sniffing and spoofing attacks 
is to use encrypted sessions between machines. If properly 
done, these can protect the session, and help guard against 
spoofing attacks. We are still looking for some workable 
solutions in this area. I shudder to think about the number of 
times the root passwords go across the ethemet in the clear. 

Although many factors ultimately determine the level of 
trust for a given subnet, we again are faced with the least- 
trusted factor setting the level for the network, including all 
of the machines on that network. 

Trusted Software 

Not only do we need to trust the people, machines and net¬ 
works, we need to trust all the software that is being run by 
the people and machines. Crackers have been known to 
install trojan horses that can record passwords. In addition, 
large sites with central administration often maintain 
machine configuration in a central file system. If this is 
attacked, the site’s own maintenance systems will quickly 
and efficiently install back doors for crackers to use. At our 
site, the primary goal of our security measures is to protect 
the central file store, as everything else builds from it. 

Transitive Trust 

Building trust models is a tricky business. For example, in 
order to protect the file servers, we need to trust the network 
they are on to prevent the root password from being moni¬ 
tored. This means we have to trust all the machines on that 
network. Which means we have to trust all the users on 
machines on that network. This turns into rapid growth very 


30 ;login\ vol. 20 . no. 5 



FEATURE 


quickly. In addition, we have to trust the gateways on the 
network, and the machines that control the gateways. 

The process isn’t easy, but it is important. If you can start 
with a trusted core, you can then build out from there. We 
will never be able to trust the entire enterprise network 
(don’t even think about the Internet), but we can take steps 
to protect important parts of it (and the associated machines, 
data and people), and to maintain firebreaks to limit dam¬ 
age, and to establish firetowers in cyberspace to detect and 
track problems in order to correct them. 

Crackers 

Who are we defending against? Disgruntled students, dis¬ 
gruntled employees, assorted outside cyperpunks with time 
on their hands, and students with perhaps too much spare 
time on their hands. We are not trying to keep out the NSA; 
if they want in, they will get in. We really are not going to 
stop KGB spies; they will simply bribe the appropriate per¬ 
son if they want it bad enough. My bet is that neither the 
NSA, nor the KGB are going to bother. 

The people we are trying to stop are generally not geniuses 
(who usually have better things to do). Instead, we have 
vandals in cyberspace who found a set of cracking tools on 
an anonymous FTP site. They may not understand what 
they are using, but some of these tools are quite good at 
finding holes. These people are often very good liars (this is 
known as social engineering). If your site has been dealing 
with miscreants for a while, talk to the front-line folks 
about any of the second offenders they have dealt with. 

These people do often have a lot of time to spend looking 
for holes. Often there are programs that can help automate 
or exploit the holes when they find them. If we leave a hole, 
and someone is willing to invest the time to find it, they 
will. We must be sure to make that investment too high for 
anyone who is likely to try, to succeed. 


Web Designer Notes 

by Dave Taylor 
< taylor@netcom. com > 

The Myths and the Reality 

In the headlong rush to join the latest media love-in, the 
World Wide Web, too many people have failed to try and 
balance form and content, quality and quantity. So, instead 
of joining the crowd and feeding you more breathless hype 
about how the next century will see the Internet merge with 
Interactive TV and ultimately let us have smart houses with 
500+ interactive channels on our high-def TV, I’d like to 


instead debunk some of the more popular Web myths, talk¬ 
ing about what I think are the key design and implementa¬ 
tion principles that produce cool, fun, and useful Web 
pages. 

First off, a quick heads-up for those that might have used 
the Web, but aren’t sure what’s underneath the hood. The 
World Wide Web is a hypertext-based online publishing 
environment that includes support for graphics and some 
text formatting. Documents are written in a funky descrip¬ 
tion language called HTML, or hypertext markup language. 
A typical HTML instruction might be <hl>An important 
Point</hi> which indicates that the enclosed text is to be 
considered a level one section head. Documents can point to 
other documents - or any other resource on the net - by 
specifying the Uniform Resource Locator (URL). You’ve 
probably seen these, like http:llwww.usenix.orgl . These 
links are specified in HTML with a tag like 
<a href="http: //www. usenix. org">(JSENIX</a>. 

Even that tiny example suggests one of the fundamental 
issues of Web design: What’s more important, the layout or 
the text itself? 

A bias up front, however; I make the assumption that if 
you’re going to create a Web page, your purpose is to pro¬ 
duce something of value to others. Whether a virtual photo 
album, pictures of your dog, or just a list of other cool spots 
on the Web you’ve found, success = utility. Seem reason¬ 
able? 

So let’s consider the first bugaboo for Web developers: 
should you write standard HTML, or should you use all the 
cool Netscape extensions that are only understood - and 
correctly applied - from within their Navigator Web 
browser? The standard response is to quote the Netscape 
party line, that they have 75% of the Web-browser market. 
But it just ain’t so. More people are using dialup connec¬ 
tions and non-Netscape-capable browsers than otherwise. 
At its most wildly optimistic, Netscape informs that six mil¬ 
lion copies of its browser have been downloaded, but down¬ 
loading, grabbing upgrades and similar doesn’t mean 
they’re in use. 

Further, remember that there are well over seven million 
people who have access to the Web via commercial online 
services. America Online (with over 3 million users), Com¬ 
puServe (again, over three million users), Prodigy (about 
1.5 million users) and the Microsoft Network (about 
500,000 users by the end of this year, I expect), all offer 
access to the Web for their customers, but none of them use 
Netscape, nor do any of their browsers support the full set of 
Netscape extensions to the HTML markup language. The 
majority of home Internet accounts are either dialups to 
UNIX shells (go UNIX!) or packaged Internet browsers like 


OCTOBER 1995 jlOgitV. 31 



FEATURE 


NetCnriser, which has its own, non-Netscape-capable, Web 
browser. 

My suggestion is that you don’t skip using the Netscape 
extensions, since there are some wonderfully fun ones, but 
make sure your pages are meaningful and useful for every¬ 
one else, too. You should be able to convey your content 
without fancy tags, without flashy graphics (many people 
skip loading the graphics altogether for performance rea¬ 
sons), and without the expectation of a super-fast connec¬ 
tion on the browser side. 


.... Netscape Dne World Phize 


] hi ip://vvv .digwnv* nt l/vfnd* \ * f 



One World Piaza iiallcry 

♦ . 

h ' F"ji1 V:■•):( x V' T : \v th.-jr, he.,.:):: ! y XMf ; •i.v 

ii.u yy - r ■:>: Sc-Sir? 


‘JI c<.:1 ::'nw-r im-J lu fct tod 5, DA7 itnv*.’, 

•liP'r:, o I -R - M. ?ui ?: tiL' Ovi k ii ‘ .• ;•*:.*< ‘!p ?<*kf -hr 

* 

1 r::;'“■ T] I 'J - -JV 1 v01 ■ !.u-Jt>■ si!;i,;,r 1 !'■0 , t ii^rp it^^/ pIul“ ■ 1>.<T;#1* si vl tfii i\"A n-L: l';0■■ -■ i oil 

nf li: ,v ; (j i'iJV-iVjfiT fMriOA Tfe? fllWfr'-.tt J1 *lf*77 ?4rV i&Y ji*:T 'jp CCB?. 

uiii liii '- "i- ijj-r: 0_- 7Ji-i :'jj ■ YjI- .V ilO tTOi.ip ■‘'jl'ijy.r Uii- u-; V 

M.i, rti l - 7ti':■- ; i: ■ ■ fi■>JV i 0( i ; )J > IVj ' E y : K-r. V! A P p*ffcl 

• 

--]vvn.:r: ot ie' Ku iJk :•!•>.= 1 Ct>v| : : H '-a iMt.'i i «v. 3k*. piws-i 

•«;: ;0"t '-iJJ-t l:: - l; ' 4.7* to ; ‘ •' < ’-TS*'.. ri- ;V ' •' ;V>1 J : :-.K I^V 

F*i<>ivCf ir:y a %-n.i i* • *ili •. r^v. k !:; v>hi o; ; :: E-uisii T-:0d.i. 

'■'•i] ’Air Mil . ," 'P‘ y^i.i ii-aTTir U '• f Kit p^Yr :>t\ oliW’.’ f r 

■ 

HiM&Yv . U*iy Futv-n - ; iji- or.-—ir ; y Ai ,4 

ri*,'- 1 ;, ji . > IHLU 1 J.' pr*:plr : -ns;:-; “v?. A': ■ J ■■■ ■. 






Netscape View of One World Plaza 


A counter-example of this? The “One World Plaza” pages 
on the Web. They’re beautiful when you view them in 
Netscape Navigator, but pop over with another Web 
browser and they look like there’s a problem sending the 
information down the wire. It’s poor design. Even USENIX 
isn’t immune to this problem: their homepage comes up 
with a cryptic set of icons along the bottom that make no 
sense if you don’t load the graphics on the page. (Ed. Note: 
Thanks for the nudge . We’ve corrected the problem by add¬ 
ing a text-only line above the icons with appropriate links.) 

The same goes for speed. I fear that too many of us are 
spoiled with fast Ethernet connections on our desktop work¬ 
station. When you’ve a zippy connection, pages with lots of 
graphics or splash screens (you know what I mean - single 
graphic images that take up the entire window) are fun and 
visually compelling. Go visit someone with a 14,400 
modem going through a jammed Internet Access Provider 
and watch the same page load on their PC, though. Every 



Another Web Browser View of One World Plaza 

full page graphic takes tedious, boring minutes, minutes 
where you’re not surfing at all, but rather suspended in 
limbo, waiting and wondering why everyone thinks the Web 
is so cool. 

The rule of thumb I use is that each IK of graphics is going 
to probably take about one second of download time for a 
typical Web user. A full 256-color graphic that’s the width 
of your screen and 1-inch high is about 30K, so ask yourself 
whether the slick appearance is worth the time for the aver¬ 
age Webbie. 

The good news is that there are some tricks you can use to 
shrink down the size of your graphics so that you can still 
have fun and compelling images on your page without 
slowing them glacially (after all, we’ve lived with a text- 
only Internet for way too many years!). 

Graphics Depth 

The size of a graphics file is somewhat under your control. 
If you have a black and white image, then you only need 1 
bit to describe each pixel, or picture point. It’s powers of 
two, so 256 colors, the best possible image with the com¬ 
mon GIF format, needs 8 bits per pixel. A 100x100 box is 
therefore 80,000 bits of information, or about 10K in size. 
Take the same graphic and shrink it to 16 colors and sud¬ 
denly you’ve shrunk the graphic to only 5K. Squeeze it into 
4 colors, like an old comic book image, and it’s now a tiny 
2K or so. The four or sixteen colors can almost always be 
any you’d like too, so blue, green, red and yellow work just 
as well as black, white, light grey and dark grey. Or perhaps 
a blueprint in only 1 bit per pixel. 

Color Palette Problems 

Arbitrary colors only work “almost always” because of 
another possible problem with Web pages: PCs, Macs and 


32 ;login: vol .20 - no. 5 























FEATURE 



USENIX Home Page 


UNIX systems have different default color palettes. Some 
PCs on the net are still only capable of displaying 16 colors 
or fewer! Their 16 colors, not yours. I think those particular 
sites are so few that they’re not worth worrying about too 
much, but I have to say that when I recently decided to 
change the default background color on the Internet Mall 
Web pages to a light blue, I immediately started to get com¬ 
plaints from visitors that they couldn’t read the text because 
their $#@$#@ computers were dithering the background in 
an attempt to simulate the color I’d specified. One guy was 
even on a monochrome display! The result? I don’t use 
background colors any more. The advantage of a colored 
background wasn’t worth cutting out a portion of the user 
community. 

Horizontal Graphic Orientation 

Another graphics trick you can use revolves around the way 
that the Graphics Interchange Format encodes graphics: it 
reads the image horizontally, line by line, and specifies a 
color and a repeat count for that color. You can try this by 
creating a 100x100 single color box and saving it as a GIF 
file to see if it’s the same size as a similar size 256-color 
photo image. This means that you should try to use solid 
backgrounds and lean towards horizontal rather than verti¬ 
cal lines and background elements. 

Another possibility for graphics is to use JPEG, the Joint 
Photo Experts Group format that encodes pictures in a dif¬ 
ferent, usually more space efficient manner, than GIF. It def¬ 
initely works, but guess what? Many of the browsers 
available, including the original Mosaic, can’t display JPEG 


images and instead launch a separate program to display 
them. Imagine your Web page where the graphics are all in 
separate windows - that’ll have a definite effect on how you 
view the material! 

Form versus Content 

At its most fundamental, these issues of graphic size, depth 
and layout options shouldn’t be the most important ques¬ 
tions at your Web site anyway, because the key question is 
really about what information you’re going to offer, and 
how you can organize it so that the majority of people can 
navigate and find the snippets they seek. Even if it’s just a 
hotlist of other Web spots you like, there are simple tricks 
you can use that will help others enjoy the fruit of your surf¬ 
ing expeditions. 

An obvious one is to use the old computer scientist strategy 
of divide and conquer; break long listings into small lists, 
even lists of lists. Add some sort of commentary on each 
site that lets the user know why you find that particular spot 
fun, cool, or even dopey. I’ve seen some home pages where 
as the person cruises the Web, they simply add more and 
more links to their growing list of cool spots. No commen¬ 
tary, not even their own name for the site, just the barely 
useful information that’s saved in their browser bookmark 
file. How much more useful instead to have the list broken 
into interesting categories, like “cyber shopping trips,” 
“awesome pictures,” “dumb layout ideas” and “Adult-only 
pages,” then for each entry a few words about what makes 
that site fun or interesting, like “I always thought that bricks 
were pretty boring until I saw THIS site. Check it out for 
yourself!” 

Organize the information in a way that will make sense to 
your user community, which isn’t the same as how you 
might have it organized yourself. This simple idea seems to 
be lost completely on most documentation writers, where 
90% of the time you spend with a manual is searching for 
relevant words in the index. If you can, add a search tool of 
some sort (you can even just call ‘grep’ from within a CGI 
script, if you have to, and then make the filenames output 
hotlinks!) 

The best way of all to learn how to design and create useful 
pages is just to watch yourself when you’re using the Web, 
consider which pages you’re visiting frequently, and ask 
yourself what about those pages make them so valuable, 
cool or interesting? I’ll bet that it’s not a flashy graphic or 
two, or some novel organization, but rather the content, the 
information therein that you actually find useful. Whether 
it’s the Internet Movie Database, Yahoo, or the Whole Inter- 


october 1995 ; login: 33 













FEATURE 


net Catalog, I know the sites that I frequent are those that 
offer some utility to me. 

And that’s where we started: success - utility. Content is 
more important than form. Keep things fun and interesting, 
and remember that unless you’re showing off your art or 
programming skills, it’ll be the information that brings peo¬ 
ple back. 

Visit These Sites for Yourself! 

• One World Plaza 

http:ilowplaza.coml Yahoo http:iiwww.yahoo.comi 

• Whole Internet Catalog 
http:iiwww.gnn.comignniwiciindex.html 

• Internet Movie Database 
http'.iiwww. cm. cf.ac . ukiMoviesi 

• The Internet Mall 
httpdiwww.mecklerweb.comiimall 

• USENIX Association 
http:iiwww.usenix.orgi 


Musings 

by Rik Farrow 
<rik@spirit.com> 

Remember when NT meant “Not There?” That was my 
favorite button at a Winter USENIX conference a couple of 
years ago. Unfortunately, NT is around now, and that means 
sooner or later we must deal with it. 

You might wonder just how soon you will have to deal with 
NT (if you aren’t doing so already). Well, the Windows 95 
launch will push NT along much faster. Windows 95 is an 
improvement over Windows 3.1, but it still is not a robust 
operating system. Windows 95 adds more complexity, 
requires retraining of users, and much more resources in the 
way of hardware. Since NT will also run many of the same 
applications as Windows 95, many people will just make 
the slightly higher leap to Windows NT clients. 

A second point is that Windows NT will run on any com¬ 
mercial computer a desktop can support. Sun is shipping 
NT/SPARC, PowerPC, Mips, and DEC Alpha are currently 
supported, and the PA-RISC port should be completed by 
early 1996. This means that an organization can support a 
single OS on all desktops. 

As I write this, I can’t help but remember the “UNIX wars” 
of the late eighties and early nineties, when AT&T and Sun 
Microsystems agreed to cooperate to produce a single flavor 
of UNIX. Digital Equipment Corporation, Hewlett-Packard, 
Group-Bull, and IBM were quickly up in arms about the 


“unfair advantage” this would provide Sun (Solaris, Sun’s 
biggest success story?!?). 

The UNIX war led to the creation of the Open Software 
Foundation, an attempt to standardize on a UNIX version 
based on System V Release 3, along with other nifty things. 
Today, only DEC uses OSF/1 (known called “Digital 
UNIX”), the operating system product of OSF. The Data 
Management Environment was stillborn, and DCE (Distrib¬ 
uted Computing Environment), while still alive, is suffering 
from having been designed by too many committees. Don’t 
write off DCE, though, as I expect OSF and vendors will 
eventually work out how to make administration of it feasible. 

How does this tie into NT? It would have been very nice to 
have a single Application Programming Interface (API) for 
most versions of UNIX. But even more important, just think 
how nice it would be to have a single administration inter¬ 
face to UNIX systems! Don’t you just love the fact that there 
are a half dozen different names and formats for the shadow 
password file? Or how much fun it is to have to administer 
to a single AIX system when what you really understand is 
SunOS? Organizations buy into NT because it runs on 
everything, has a single API, and a single administrative 
interface. Not that any of these is the best (hardly), but just 
because there is only one of each. 

Sure, the big UNIX vendors saw the light in 1994. The Com¬ 
mon Desktop Environment is about ready to ship (may have 
by the time you see this). A common administrative inter¬ 
face is farther away, and even more difficult. Perhaps if the 
vendors back in 1989 had started negotiating instead of 
going for each others’ jugular, things would be different. 
But this is just crying over spilt beer. 

The final blow occurred recently when a federal court ruled 
that Windows NT could be considered an open system. The 
Coast Guard had wanted to use NT in a project, but had been 
barred because NT could only be purchased from a single 
vendor. Under an appeal, the court ruled that NT was an 
“open system” because it supported POSIX level 1 (the API 
based on UNIX systems programming interface). A low 
blow indeed. 

OS Architecture 

Windows NT was designed to be the operating system of the 
future. Built of modules which rest on top of a hardware 
abstraction layer (to aid in portability), NT has an architec¬ 
ture similar to microkernels. That is, each module commu¬ 
nicates with the others using a message passing scheme, 
instead of the procedure call interface used by older operat¬ 
ing systems - such as UNIX. 


34 ;login : vol. 20 . no. s 



FEATURE 


Sitting on top of the communications interface are personal¬ 
ity modules. This is where POSIX fits in, as a “personality” 
of Windows NT. Unfortunately, the dominant “personality” 
of NT is the Windows interface. All user interaction must 
pass through the Windows interface, so if you write an 
application to the POSIX API which requires user input (for 
example, “Press RETURN to continue”), this request is 
passed from the POSIX module, to the communications 
module, to the Windows module. The Windows module 
doesn’t talk to the keyboard either, but then passes the 
request back to the communications module, which passes 
the request back down within the operating system. 

The efficiency of this really impressed the hell out of me. 

Of course, an application using X also goes through similar 
convolutions, but using the sockets interface. 

Of course, this brings up what I find the most troubling 
about NT - the interface. Many times I have approached an 
NT system at a vendor display, only to walk away frustrated 
by the Windows interface. This isn’t an operating system, I 
think, it’s a toy. There are configurations files, directory 
hierarchies, and so on hidden behind the sugary interface, 
and I intend to learn what these are, and how to make NT do 
tricks. One of these days. 

NT also includes security, something sorely lacking in Win¬ 
dows. And as more people use NT, more flaws in the secu¬ 
rity are showing up. Some are just a matter of misconfig- 
uration, such as, when someone attempts to log into a non¬ 
existent account, NT will create the new account for that 
person (if misconfigured). The file sharing system. Samba, 
allows you to change directory above the mount point of a 
networked directory. NFS, with all its warts, won’t (can’t) 
permit this to happen. 

Crystal Ball Gazing 

Is NT really the “Next Generation” operating system? Not 
really. While a step along the way, I expect a microkernel 
hybrid will be the next multiplatform, high-performance, 
networked operating system. And what I see as a hint of 
things to come is not an operating system at all but a lan¬ 
guage environment. Java, from Sun, is a new object-ori¬ 
ented environment which appears to answer many of the 
problems with today’s object-oriented languages. 

Complete code portability is one of Java’s most interesting 
features. This portability is the basis for Hot Java, Sun’s 
Web browser which permits the secure importation of code. 
The portability found in Java is reminiscent of the portabil¬ 
ity that was supposed to be a feature of OSF, the Application 
Neutral Distribution Format (ANDF). Sun claims perfor¬ 


mance comparable with native C for Java, along with incre¬ 
mental compiles and better object encapsulation than C++. 

I intend to check Java out. And maybe I’ll stick NT on a 
small slice of the PC hard drive which holds BSD/OS. 
There’s got to be something there to learn. 

Errata 

In my column in the August issue of ;login .*, I mentioned 
PowerBroker, by Freedman Sharp Associates. I provided 
their email address, but used the WRONG domain exten¬ 
sion. It was given as fsa.com, but should have been fsa.ca 
(for Canada). 


Impact 

by Scott Hazen Mueller 
< scott@zorch.sf-bay. org > 

Social commentators are talking about the decline of “com¬ 
munity” in the US. Society seems to be turning inward and 
becoming more self-centered. This may not have anything 
to do with computing, but what are the impacts of the com¬ 
puter industry on society at large? What are the future possi¬ 
bilities? 

I see three areas: computing, networking, and the computer 
industry. 

Computing 

Black, white, and shades of grey: there are some obvious 
changes, a few areas that have scarcely been touched, and a 
whole spectrum in between. 

If you’re old enough to be reading this, you’ve seen many of 
the changes first-hand. Computing is not yet all-pervasive, 
but it has had a big impact on almost every aspect of life. 

Computers have become an important part of the workplace 
in the US (other countries vary but most lag behind). The 
way people work has changed as a result. For example, 
almost everyone except very senior executives types up 
their own letters. As more and more people do their own 
clerical work, there is less need for pools of clerical staff to 
do this work. This in turn reflects a general change, for it is 
now necessary to have computer skills to get almost any 
job. Those jobs that had in the past been the very bottom 
rung of the office ladder now require computer literacy. 
Even jobs outside the office - such as store clerks - need 
computer skills. 


OCTOBER 1995 ;logitt\ 35 



FEATURE 


The impact of the computer on people’s health is becoming 
obvious as well. Repetitive Stress Injury (RSI) is now com¬ 
monplace among white-collar workers, while hardly anyone 
outside of a few industries had heard of it ten years ago. Sci¬ 
entists, managers and workers argue about radiation from 
VDTs, another new hazard. People with sensitive hearing 
can get headaches (I know I can) from flyback transformers 
whining. All of these take a toll on society, as workplaces 
are forced to adjust, or as people take time off sick. 

These aside, what about impacts on mental and emotional 
health? Is it really reasonable to spend eight to ten hours a 
day staring at a tube? Even if it’s OK for most, what about 
children? When I was a child, I played with the neighbors, 
or read, or bicycled. I used to throw hissy fits when the other 
kids went in to watch TV. Now, the computer - or the video 
game machine - is a universal attraction. Children who used 
to be out playing, and getting socialized, are now indoors. 
Do we really want a society where everyone was raised in 
front of a CRT? 

Networking 

Too many commentators have touched on networking com¬ 
munities to repeat it all here. In summary: yes, there are 
communities of interest on the networks; no, it’s not the 
same as being there in person. 

During the Renaissance of Europe, the great thinkers of the 
time wrote letters to each other. You might say that they 
were a community of sorts. Today, people stay in touch 
using the phone. Those of us on the networks use e-mail, a 
medium that shares aspects of both letters and the phone. 

Certainly, people are absorbed by these pursuits. Many is 
the story of a man or woman who becomes completely lost 
in Usenet, or IRCs, or mailing lists. They are getting some¬ 
thing from that, for sure. But, are they building a real com¬ 
munity, or merely the illusion of one? It can be hard to tell; 
the best of the virtual communities can sometimes reach the 
stature of a good real community. 

And, these days, it can be hard to get involved in your real 
community. Most of California, where I live, is very iso¬ 
lated. It seems like every backyard in the state is surrounded 
by a six-foot-high fence. People want privacy, so there is 
very little sense of community in these physical surround¬ 
ings. If you want to get involved, you have to find an inter¬ 
est group that meets your needs, whether it be religion, or 
hobbies, or education. 

So, maybe the network communities really aren’t that dif¬ 
ferent after all. Maybe the distinction we see today, between 
virtual communities and our real neighborhoods, will disap¬ 
pear when everyone is on the network. If I will only spend 


time with my neighbor if we share a common interest, then 
our encounters on the network could extend back into real¬ 
ity. 

The Computer Industry 

The computer industry is, after all, the breeding ground for 
the computing and networking technologies. Above all else, 
people who work in the industry have a responsibility to 
society. Borrowing from Hippocrates, “First, do no harm.” 

All of the technologies and techniques we develop have the 
potential to change society. Each decision an individual 
makes may affect the entire world. I realize this seems a bit 
heavy, but consider the impact of the design of the original 
Internet Protocol. To this day, there is still no widely- 
deployed security mechanism on the Internet - because it 
wasn’t a design goal of IP. 

The responsibility is ours, then, to make sure we consider 
the impact of our decisions. Computing professionals 
should weigh the consequences when making a decision, 
especially when considering shortcuts. You should be ready 
to say, “No, doing that would be wrong.” 

In a different vein, businesses in general are turning to a 
work model that seems, to me at least, to derive from the 
computer industry. After a period in which it was possible to 
have a job and a life, too, employers are starting to demand 
more and more from employees. I find that the typical post¬ 
layoff employee, as discussed in the mainstream media, 
looks more and more like the stereotypical computer engi¬ 
neer. People are being asked to work harder, for longer 
hours, and less pay. Except for the less pay part, that looks a 
lot like the computer person who works voluntarily for 12 
and 14 hour days. Did they ever consider that they might be 
setting an example that affected people who didn’t want to 
work that way? 

The similarity makes me wonder whether there is an actual 
cause-and-effect relationship here. Did executives look at 
the long hours computer people put in, and get the idea they 
could ask the rest of their employees to work those sorts of 
hours? Even if this isn’t the case, can computer people have 
a positive impact on the rest of society by cutting back their 
own hours? 

Perhaps it’s worth thinking about. 

Putting It All to Rest 

The automobile was not just a technological advance, it was 
the harbinger of a whole new kind of society. Likewise, the 
computer brings with it more than ways to do old jobs faster 
- it brings whole new worlds. People live, work, and play 


36 ;login: vol 20 . no. 5 



FEATURE 


differently now, and the changes will keep coming. It’s up to 
us to ensure that things get better with change, not worse. 

USA Wins Medals At 
Computer Olympics In 
The Netherlands 

by Don Piele 
<piele@cs.uwp.edu> 

(Editor's Note: USENIX is a major sponsor of the United 
States Computer Olympiad.) 

Four high school students representing the United States 
won medals in the 1995 International Olympiad in Infor¬ 
matics, held in Eindhoven, The Netherlands, June 26-July 3. 
The US team competed against 210 students from 51 coun¬ 
tries. 

Winners were: 

• Gold - Russell Cox, 16, from Delbarton School in Mor¬ 
ristown, N.J., ranked 11th (in the world) 

• Silver - Hubert Chen, 18, from Upper Dublin High 
School, Fort Washington, Pa., ranked 23rd 

• Bronze - Daniel Adkins, 15, McKinley High School, 
Baton Rouge, La., ranked 68th and Valentin Spitkovsky, 
17, Lafayette High School, Williamsburg, Va. ranked 
100th 

• Erika Hoffeld, 17, Montgomery Blair High School, Sil¬ 
ver Spring, Md. competed for the US team but did not 
win a medal 

The USA team ranked 6th, as a team, behind Czechoslova¬ 
kia, China, Russia, Hungary, and Romania in the medal 
count. 

Don Piele, professor of mathematics at UW-Parkside and 
leader of the United States team, reported that the Eastern 
European countries are extremely strong in algorithmic 
computer problem solving because of the many competi¬ 
tions held in this region. 

“The Eastern European countries are consistently the top- 
ranked teams at IOI competition,” Piele said. “For the U.S, 
to be ranked in the top six is a great achievement. We con¬ 
tinue to improve each year as we develop our training pro¬ 
gram at UW-Parkside.” 

During the IOI competition, students compete on two sepa¬ 
rate days during which they are given five hours to use 


logic, mathematics, and computer programming skills to 
create original computer programs that solve three difficult 
problems. 

Since 1992, when the US first entered the IOI, participating 
U.S. teams have won four gold medals, four silver medals, 
and six bronze medals and have always ranked in the top 10 
countries. 

Financial backing for the United States of America Com¬ 
puting Olympiad (USACO) is provided by USENIX, and an 
anonymous donor. 

The USACO home page ( http:ilusaco.uwp.edu ) on the 
World Wide Web contains information and pictures of all 
USACO competitions including this year’s IOI. 


October 1995 ;login: 37 



STANDARDS 


The following reports are 
published in this column: 

• Report on POSIX.2: Shell & 
Utilities 

•Report on POSlX.lb: Realtime 
•Information Infrastructure 

Our Standards Report Editor, 
Nick Stoughton, welcomes 
dialogue between this column 
and you, the readers. Please 
send your comments to 
<nick@usenix.org >. 


An Update on Standards Relevant 
to USENIX Members 

by Nicholas M. Stoughton 
USENIX Standards Report Editor 
<nick@usenix.org> 

I have on my bookshelf at home a copy of the first POSIX standard, the 1986, 
trial use version of POSIX.1, also known as “IEEEIX.” Two years later, the first 
full use standard was published. Two more years, and this was revised: the now 
famous POSIX.1-1990, the standard that has been adopted by ISO as Interna¬ 
tional standard 9945-1:1990. 

Five years have passed since then, and POSIX has not been sleeping; a whole raft 
of standards have been published. But after five years, the IEEE insists that every 
published standard is checked, in case it has become obsolete in any part. PASC, 
the Portable Applications Standards Committee of the IEEE Computer Society, 
who are the sponsors of POSIX standards, have decided that they do not have the 
resource at present to revise POSIX.1. There is to be a ballot, which I am respon¬ 
sible for coordinating, on either reaffirming POSIX.1 as it stands, or withdrawing 
it completely. 

If, like me. your copy of POSIX.) is the book you read most; the biblc you follow 
for all your applications, then you should be voting to reaffirm it. It you want it 
revised, the best way is to join the working group, who are sure to revise it 
before the next five years is up. 

Of course, if you think it’s obsolete, and a complete waste of everyone’s time 
and effort, now is your opportunity to drive a nail through the coffin and vote to 
withdraw the standard (incidentally killing all the standards that have been based 
on it, such as POSIX.lb-1993). 

We all know that maxim well, and to a great extent, it helps us more than harms 
us if there are two overlapping standards. Users can choose which is the one 
most relevant to what they want to do. Of course, vendors hate having to supply 
support for both, but their whole reason for existence is to satisfy their customers 
(oh, and make some money while they are at it). 

What you don't do when you have competing standards is to allow governments 
to legislate as to which is better. The failure of the OSI protocols to dominate the 
Internet is a good example; governments tried steering commerce into their pre¬ 
ferred direction, but the power of democracy won, and we have IP and its related 
protocols. 

In Europe, we have the mad bureaucrats of Brussels who have now made it a 
criminal offence to use the wrong standards if you sell fruit and vegetables (yes, 
pounds and ounces can now get you at least a fine, if not a prison term). Any¬ 
body from any government anywhere in the world reading this, don’t go making 
the same mistake with our standards! 


38 ;login: vol. 20 


NO. 5 



STANDARDS 


I am going through one of those periods everyone has from 
time to time when its seems as if everything is changing. As 
you are undoubtedly aware, back in April we voted to 
change the structure of the Sponsor Executive Committee 
(SEC) of the Portable Applications Standards Committee 
(PASC), effectively halving it. This will affect every POSIX 
working group still in existence. The change is designed to 
cause only a minimal impact in what it is we are doing, 
being more than anything an administrative device to sim¬ 
plify and streamline the procedural aspects of the work. 

That’s a minor change in comparison with some of the per¬ 
sonal ones going on around me at present as I start my own 
company, specializing in standards consultancy, and my 
wife, as I write this is working on increasing quantity of our 
children by 50% (I did my bit nine months ago, now its her 
turn). 

Report on POSIX.2: Shell & Utilities 

Tom Shem <tshem@hposl62.cupMp.com> reports on the 
July 10-14,1995 meeting in Nashua> NH 

POSIX.2b (Shell and Utilities) draft 11 closed its “changes- 
only” recirculation ballot on July 6th. The results from the 
ballot were not yet available at the time of the meeting. 
Also, a copy of POSIX.2b draft 11 was sent to ISO. Com¬ 
ments are not expected back from ISO till around the end of 
the year. 

David Korn reported on the Regular Expression (RE) 
Experts meeting which was held in Toronto, Canada on 
June 28th. The meetings objectives were to address a num¬ 
ber of outstanding POSIX interpretations dealing with RE’s. 
The results from the this meeting of experts were used to 
close a number of outstanding POSIX.2 interpretation 
requests. The RE Experts meeting should be considered a 
sub-meeting of the POSIX.2 working group for all intents 
and purposes. 

A large portion of the meeting was spent addressing inter¬ 
pretations to the POSIX.2 (IEEE 1003.2-1992) standard. In 
addition, we revisited several interpretations examined at 
the RE Experts meeting. In addition to those, interpretations 
were addressed in the following areas: awk, ed, expr, 
shell, filename expansion, make, mkfifo, and 
mail. The results from the interpretations meetings will be 
sent to the Interpretations Functional-chair (Andrew Josey) 
as official interpretation responses. 

An outstanding issue for the last few POSIX.2 meeting has 
been the lack of internationalization (II8N) experts to 
address I18N concerns in the POSIX.2 standard. It was 
agreed that this would be a good basis for a new POSIX.2 


project if we could get commitment from several key I18N 
experts. Further discussion on a new Project Authorization 
Request (PAR) will be conducted at the next meeting in 
October. 

Lastly, since the IEEE results from the POSIX.2b draft 11 
ballot had not yet been received by the close of the meeting, 
we were unable to begin work on resolving ballot objec¬ 
tions. In anticipation of their impending arrival, volunteers 
were assigned as Technical Reviewers (TR’s) to specific 
chapters and sections of the document. The results will be 
tabulated by the ballot coordinator (Don Cragun) and dis¬ 
tributed at a later date. 

Report on POSIX.lb: Realtime 

Joe Gwinn <GW1NN@SUD2.ED.RAY.C0M> reports on the 
July 10-14,1995 meeting in Nashua , NH 

So what is the POSIX System Services Working Group, 
Realtime Extensions Subgroup, doing? 

The big news is that as part of the general reorganization of 
PASC/POSIX, the POSIX.4 Working Group no longer exists, 
having been subsumed into the newly constituted “System 
Services Working Group” (SSWG), as of the end of the 
April POSIX meeting. SSWG is composed of the antebellum 
POSIX. 1, POSIX.4, POSIX.8, and SRASS Working Groups. 
SSWG retains all the documents of the old POSIX.4 WG 
except POSIX. 13, which goes to the new “Profiles Working 
Group” (which consists largely of the old POSIX.O WG). 
The July meeting was the first under the new organization. 
There was surprisingly little chaos. In spite of the internal 
Brownian motion, the same people are working on the same 
documents as before. 

The new SSWG has largely retained the old structure of the 
former Working Groups. The former POSIX.4 WG has 
become the “Realtime Extensions” subgroup of the SSWG, 
abbreviated SSWG-RT. 

SSWG-RT has three approved standards: 

• 1003.lb-1993 (realtime extensions, was called POSIX.4) 

• 1003.1c-1995 (pthreads, was called POSIX.4a) 

• 1003.1i-1995 (technical corrections to 1003.1b) 
SSWG-RT has four active formal projects: 

• POSIX.Id (more realtime extensions, was POSIX.4b) 

• POSIX. lj (yet more realtime extensions, was unofficially 
called POSIX.4d) 


OCTOBER 1995 ;logitl\ 39 



STANDARDS 


• POSIX. 1 n (technical corrections to 1003.1 c) 

• POSIX. 13 (realtime profiles), discussed below. POSIX. 1 n 
is a new project as of this meeting. 

Where there are two paragraphs covering a given draft stan¬ 
dard, the first paragraph gives the current status, while the 
second describes the content of that draft standard. These 
descriptive paragraphs do not generally change greatly from 
report to report. 

IEEE Std 1003.lb-1993, the merger of 1003.1-1990 and the 
realtime extensions POSIX.4, is now available from the 
IEEE (800 678 4333 in Canada and the USA, 1 908 981 
1393 elsewhere, and 1 908 981 9667 by fax) as a published, 
bound 590-page book. 

A useful overview of the realtime POSIX standards has been 
written by four stalwarts of the former POSIX.4 WG: 

“NGCR Operating Systems Standards Working Group 
(OSSWG) Advisory: A Programmer’s Overview of the IEEE 
POSIX Realtime Standards,” NGCR Document Number 
OSS-A 001 ver 1.0, issued 31 May 1994,73 pages. Avail¬ 
able to good homes for the asking. Send email request spec¬ 
ifying your snailmail address to Kar Chan at chank@ 
smtp-gw.spawar.navy.mil. Snailmail requests also accepted. 
Write to Kar Chan at the Space and Naval Warfare Systems 
Command, SPAWAR 331-2,2451 Crystal Drive, Arlington, 
VA 22245 USA. 

POSIX. lc (pthreads) passed International Standards Organi¬ 
zation (ISO) Committee Document (CD) balloting in Febru¬ 
ary 1995 with only one editorial comment, and Draft 10 was 
approved by the IEEE at the June 1995 Standards Board 
meeting. POSIX.lc will now be merged into IEEE Std 
1003.1b-1993. This published book will likely be called 
“IEEE Std 1003.1c-1995.” and will include all of POSIX.l, 
POSIX.4, and POSIX.4a, plus the two technical corrections 
standards POSIX.li and POSIX.In. It will take about a year 
to get to a published merged book, if history is any guide. 

POSIX.Id (was POSIX.4b) is in ballot resolution, which is 
almost complete, except in the areas under discussion with 
the members of the Common Reference Ballot. Interrupt 
Control, a particularly contentious area, has been deferred 
and now resides in a non-normative appendix. The current 
plan is to recirculate in October 1995. 

POSIX. Id, 130 pages, contains a number of realtime inter¬ 
faces and options that arrived too late to be included in 
1003.1b-1993 (which itself consists of POSIX.l and 
POSIX.4 combined). The major new interfaces and options 
are: spawn (), a functional merger of fork() and exec (), 
needed both for efficiency and to allow use on platforms 


lacking memory management hardware, a sporadic-server 
scheduling policy, used to prevent asynchronous high-prior¬ 
ity processing from totally consuming the computer; cpu- 
time clocks and timers, used both to measure and to bind 
use of cpu by processes, devctl (), the successor to the ioctl() 
of classic UNIX, Interrupt Control, a set of interfaces 
intended to allow direct application-level control of devices 
such as array processors and radar signal processors, and 
Advisory Information, a set of interfaces that allow an 
application to declare to the kernel that for instance a speci¬ 
fied file will be read sequentially, allowing the kernel to 
optimize performance. A number of existing interfaces are 
also being augmented by the addition of variants supporting 
timeouts. 

POSIX.li (also known as “POSIX.4 technical corrections”) 
was approved as a standard by the IEEE Standards Board in 
June 1995. 

POSIX.li consists of correcting the POSIX.4 interfaces to 
remedy clashes detected when POSIX.4 was merged into 
1003.1-1990 to yield 1003.lb-1993, as well as minor prob¬ 
lems discovered by early implementors of 1003.lb-1993. 
POSIX.li is a fast-track effort with a very limited and spe¬ 
cific scope. As the changes are small, simple, and few, 
approval is expected to be rapid, at least as POSIX under¬ 
stands the term. 

POSIX. lj (was “POSIX.4d”) was voted out to ballot at the 
April 1995 POSIX meeting. Ballot is currently scheduled by 
the IEEE for February 1996; this 9-month delay is a matter 
of great concern to us. Production of standards is already far 
too slow. The issue is being worked with the IEEE. The 
issues turn on overloading of ballot groups, and of the 
IEEE’s own handling of ballot logistics. 

POSIX. lj, 73 pages, contains a number of realtime inter¬ 
faces and options that arrived too late to be included in 
POSIX.Id. The major new interfaces and options are: 

• Typed Memory, a set of interfaces supporting the 
mmap () -like mapping of diverse kinds of physical mem¬ 
ory (e.g., SRAM, DRAM, ROM, EPROM, EEPROM) via 
multiple and/or diverse physical paths used for instance 
to access special hardware and memory via attached 
VME busses 

• nanosleep_abs (), a high-resolution sleep () allow¬ 
ing the user to specify when to awaken, rather than how 
long to sleep; 

• Barrier Synchronization, a set of interfaces intended to 
support efficient implementation of parallel DO/FOR 
loops on massively parallel computers; 


40 ;login : vol 20 . no. 5 



STANDARDS 


• Reader/Writer Locks, used to allow efficient parallel 
access to data in situations where reads vastly outnumber 
writes; 

• Spinlocks, a very fast synchronization primitive for use 
on shared-memory multiprocessors; 

• Persistent Notification for Message Queues, an option 
for 1003.lb-1993 Message Queues. 

POSIX.ln, technical corrections to pthreads, is not yet a full 
approved project, as its Project Authorization Request 
(PAR) must be approved by the IEEE Standards Board. 
Approval is likely, and work continues in parallel. 
POSIX.ln, like POSIX.li before it, is a fast-track effort with 
a very limited and specific scope, a similar timescale. 

POSIX.13 ballot resolution is nearly complete, and 
POSIX.13 will be recirculated in September 1995. This may 
well be the final recirculation. The major changes were due 
to inclusion of profiles to support POSIX.5b, the Ada bind¬ 
ings to 1003.lb-1993. (POSIX.5b is expected to pass its own 
final recirculation in a matter of months.) Although 
POSIX.13 now falls under the new Profiles Working Group, 
all the POSIX.13 folk came from the former POSIX.4 WG, 
now SSWG-RT, so we will continue to report on the progress 
of POSIX.13 here. 

ESSE, VSO’s “Embedded Systems Software Environment,” 
a new project to write binary, driver, and toolpath standards 
for embedded computers, is analyzing the current draft of 
POSIX.13 to see what additional things are suitable for stan¬ 
dardization. As POSIX concerns itself only with source- 
level APIs, while ESSE will consider non-source-level stan¬ 
dards, the POSIX and ESSE standards should complement 
each other. For more information on ESSE, contact the VITA 
Standards Organization at http:llwwwMta.com . VSO holds 
the VMEbus Standards, formerly held by the IEEE, and is a 
part of VITA, the VMEbus International Trade Association, 
which is largely composed of VMEbus hardware manufac¬ 
turers. 

POSIX.13,122 pages, is a family of four related realtime 
profiles ranging in size from the very small through a full- 
featured platform conforming to essentially all of 1003.lb- 
1993 (POSIX.l plus POSIX.4) and POSIX.lc (threads), and 
the parallel Ada binding POSIX.5b, with realtime options 
chosen. The smaller profiles specify just that subset of 
POSIX interfaces needed to “clothe” widely-used small ker¬ 
nels such as pSOS, WindRiver, and VRTX32, and the 
ORKID interface standard, which, although very similar in 
function, differ greatly in interface details. (As a matter of 
interest, there are more of these small kernels in UNIX sys¬ 
tems than there are UNIX kernels because, for instance, 
many I/O controllers and peripherals themselves use one of 


these small kernels.) Standardization of these interfaces will 
yield the same benefits for embedded and realtime as stan¬ 
dardization of UNIX did for workstations. In addition, the 
POSIX.13 interfaces are chosen to allow multi-computer 
distributed systems to be built, such as those used in factory 
automation. Such systems are typically set up as a hierar¬ 
chy, with a few large-profile machines at the top, and a large 
number of smaller profile machines at the bottom control¬ 
ling this or that piece of machinery, perhaps with an inter¬ 
mediate layer of supervisory machines between top and 
base, all communicating with peers, superiors, and subordi¬ 
nates, as needed. 

New Items 

A number of new items, as yet un-numbered and homeless, 
are under consideration: the Trace Interface, and various 
issues relating to time and clocks. These are described in the 
following paragraphs. 

Trace Interface 

The proposed trace interfaces were the focus of consider¬ 
able interest and much discussion at the July 1995 meeting. 
A joint meeting of SSWG-RT and SSWG-FT (the former 
SRASS WG) was held. A number of specific APIs were pro¬ 
posed, based on this or that existing system, but it became 
clear in the debates that no one proposal encompassed all 
major requirements; heretofore, these requirements had 
been unspoken, and were revealed only in the clash and 
bang of debate. So, we have backed up a bit, and are devel¬ 
oping explicit requirements. We will return to development 
of specific APIs after the requirements are agreed to. 

The purpose of these trace interfaces is to allow the collec¬ 
tion and presentation of trace logs of application calls on the 
operating system, I/O activity, user-defined events, and the 
like, with an eye to debugging user code running at essen¬ 
tially full speed. This is certainly a requirement for realtime 
applications. A number of vendors have come forward with 
implementations, and there has been great interest in com¬ 
ing up with standard APIs and, to some extent, log file con¬ 
tents. The proposed trace interfaces do not in the least 
resemble standard inspect-and-change debuggers, and 
require no kernel knowledge to use. The feeling of the ven¬ 
dors appears to be that a trace API would allow them to sell 
something very much like their existing trace tools beyond 
their present user base. The details are changing daily; stay 
tuned. 

Time and Clocks 

The addition of some new kinds of clock to the list in IEEE 
Std 1003.lb-1993, section 14.1.4, CLOCK_REALTIME 


OCTOBER 1995 ;logift\ 41 



STANDARDS 


and CLOCK_ABSTIME, are under discussion. The new 
kinds are tentatively named CLOCK_SYNCHRONIZED 
and CLOCK_FUNDAMENTAL. (These new kinds of 
clock are defined in earlier reports.) Clock kinds are in 
effect qualitative descriptions of what an application writer 
can and cannot expect of a clock; few numerical limits are 
to be specified. 

Under discussion is which clock the various time-related 
1003.lb-1993 APIs will follow, where no argument to spec¬ 
ify a clock is provided. Relative timers (e.g., wait 10 sec¬ 
onds) will most likely use or act like they use 
CLOCK_FUNDAMENTAL, while absolute timers (e.g., 
wait until 10:00) will likely use CLOCK_SYNCHRONIZED. 
The handling of pthread_cond_timedwait() is an issue, as it 
uses absolute time to achieve relative semantics. 

Information 

Infrastructure 

by Jim Isaak 
<isaak@ljo.dec.com> 

The ANSI (American National Standards Institute) IISP 
(Information Infrastructure Standards Panel) started in the 
summer of 1994, and has held four meetings since that time. 

This committee was formed at the highest level in the U.S. 
(ANSI) to bring together formal SDO’s (Standards Develop¬ 
ment Organizations), consortia, industry associations, 
industry and government organizations to collaborate on 
delivering the standards needed to advance the U.S. Infor¬ 
mation Infrastructure. You can find background documenta¬ 
tion on this at URLs http:!!stdsbbs.ieee.org:70!0!pub! 
ieeestds.htm (under Information Infrastructure), gopher:!! 
stdsbbs.ieee.org:70100!publNII.GIIlgiiintro.htm and http:!! 
www. ansi . org!home. htmL 

While there is much hype on “information infrastructure,” 
there is also substantial progress. This includes evolution 
and expansion of the Internet, expansion of cable services 
into education and healthcare, development of video on 
demand, and significantly increased government awareness 
and interest in the U.S. and globally. For info on U.S. gov¬ 
ernment activities in this area, see the Information Infra¬ 
structure Task Force URL http:Hiitf.doc.gov! or in europe 
http:Hwww.earn.net!EC! . Elements of this will be moved 
forward independent of any skepticism or hype, and signifi¬ 
cant players in many diverse industries are positioning their 
approaches to segments of this market, many of which 
reflect their various business models. Also, this area 
involves widely differing views of standardization, span¬ 
ning collaborator partnerships, formal standards, and even 


legislative and regulatory mandates. The recent IITF 
(Administration II task force) AC (advisory committee, 
mainly consisting of industry leaders) has called for Nil 
access by all citizens by the year 2000 (via schools, librar¬ 
ies, etc.) and direct individual access by 2005 (see IITF URL 
above for “Common Ground” paper). 

The “threat” of government interest and leadership is one of 
the forces encouraging the creation of the IISP. The primary 
tasks of this group include: 

• To bring together the diverse groups of SDOs and consor- 
tias, encouraging awareness and collaboration; 

• To identify requirements for standardization needed to 
advance II; 

• To identify organizations who have a response (or are 
willing to develop a response to these requirements; 

• To make available to all interested parties (e.g., govern¬ 
ment, industry) the identified requirements & responses. 

To date, a list of 16 requirements have been identified, 
mostly at a fairly high level (e.g., requirement for network 
to network interoperability).These are being distributed to 
the SDO’s and consortia to identify groups that have a 
response or interest in responding. 

One fairly well developed example of an area of discussion 
is the “Nil appliance” including “set top device” require¬ 
ments and interests. There is a pre-existing issue between 
the TV manufacturers and the cable industry about the set¬ 
top device in particular. The cable industry’s tradition is to 
rent these devices, and have control over them (to protect 
their signal distribution, billing, etc.). Such devices have 
output on just one channel to the TV. The TV manufacturers 
seek to put additional functionality into the TV, such as the 
ability to view two channels at once - which does not work 
with the traditional set top. Collaboration in this area was 
mandated by legislation in 1992 though the FCC, and further 
legislation has been proposed in 1995 that is targeted here 
as well. (The Blily/Markey bill, related to consumer access 
to communications appliances) This is in addition to 1995 
legislation on reform of the 1934 Telecommunications bill, 
targeted at allowing competition between various suppliers 
of telephone and/or other communications (e.g., TV, cable) 
services to the user’s premises. This “convergence” expands 
the range of affected appliances from set tops to include 
telephones, TVs, personal computers and more. This exam¬ 
ple also indicates that standardization in this area is not just 


42 ;login: vol. 20 . no. 5 


STANDARDS 


a question of voluntary standards, but is a likely target for leg¬ 
islative and regulatory action. 

The concept of Nil appliances is a useful way to view the 
direction that work is taking in this area. Traditional standards 
within industries (e.g., TV, cable, Telco, computer) are being 
displaced by specifications (and potentially regulation) that 
will apply to many or all of these industries. 

Other key sources of information about Information Infra¬ 
structure Standardization include XIWT, who has developed 
an Architecture document: http:ilwww.cnri.reston.va.us:3000l 
XIWTIdocuments!arch doc!title_page.html and CSPP, whose 
vision and “interoperability” documents on Nil are good over¬ 
views (but not, alas, online): accessible via phone: 202 662 
8407 or email: cspp@mcimail.com . 

Future IISP meetings: 

• Oct 30 - Nov 1, Washington DC area 

• Jan 17-18, Washington DC area 

To join, contact: Chick Hayden, at ANSI; chayden@ansi.org . 


Dilbert ® by Scott Adams 



{ 

i 

! 

£ 


DON'T FEEL BAD. THE 
OTHER ENGINEERS LJONT 
LOOK DOWN ON YOU 
JUST BECAUSE YOU'RE 

BEHIND THE TECH- 




OCTOBER 1995 flogifll 43 


DILBERT reprinted by permission of UFS, Inc. 







BOOK REVIEWS 


Books reviewed in this column: 

Andrew Davison, Ed., Humour the 
Computer Cambridge, MA: MIT 
Press, 1995. ISBN 0-262-54075-4. Pp. 
226. $13.95. 

Brad Templeton, Ed., The Internet 
Joke Book. San Jose, CA: Peer-to-Peer 
Communications, 1995. ISBN 1-57398- 
025-0. Pp. 220. 

Frederick P. Brooks, Jr., The Mythical 
Man-Month. 2nd Ed. Reading, MA: 
Addison-Wesley, 1995. ISBN 0-201- 
83595-9. Pp. 308. $24.69. 

Adele Goldberg and Kenneth S. Rubin, 

Succeeding with Objects. Reading, 
MA: Addison-Wesley, 1995. ISBN 0-201- 
62878-3. Pp. 542. $49.44. 

James O. Coplien and Douglas C. 
Schmidt, Eds., Pattern Languages 
of Program Design. Reading, MA: 
Addison-Wesley, 1995. ISBN 0-201- 
60734-4. Pp. 562. $39.76. 

Brern B ; Welch, Practical Program¬ 
ming in Tel and Tk. Upper Saddle 
River, NJ: Prentice Hall, 1995. ISBN 0- 
13-182007-9. Pp. 428 + floppy. $36. 

Stephen R. Walli, Go Solo. X/Open; 
distributed by Prentice Hall, 1995. ISBN 
0-13-439381-3. Pp. 190 +CD. $85. 

Rich Morin, Ed., Prime Time Free¬ 
ware for UNIX; Issue 4-1 . Sunny¬ 
vale, CA: Prime Time Freeware, 1995. 
ISBN 1-881957-06-3. Pp. 148 +two CDs. 
$60. 

Martha E. Steemtrup, Ed., Routing 
in Communications Networks. 

Englewood Cliffs, NJ: Prentice Hall, 

1995. ISBN 0-13-010752-2. Pp. 399. $46. 

Christian Huitema, Routing in the 
Internet. Englewood Cliffs, NJ: Pren¬ 
tice Hall, 1995. ISBN 0-13-132192-7. Pp. 
319. $42. 

Stephen L. Talbott, The Future Does 
Not Compute. Sebastopol, CA: 
O’Reilly & Associates, 1995. ISBN 1- 
56592-085-6. Pp. 481. $22.95. 


The Bookworm 

by Peter H. Salus 
<peter@uunet. uu. net> 

CyberGroucho 

I got both Davison’s Humour the Computer and Templeton’s The Internet Joke 
Book in May. Just in time for me to take them with me to Honolulu for INET ‘95. 
I got about 70 pages into Davison before abandoning it. I read all of Templeton. 
Here’s why. 

Don’t get confused: Humour the Computer is putatively an anthology of funny 
things written about computers and computing; The Internet Joke Book is an 
anthology of jokes that have been promulgated over the net (in rec.humor.funny). 
Davison has put together a lot of stuff that once evoked a smile (like Waitzman’s 
RFC 1149 - without noting that it was an RFC - and Schrodt’s “Generic Word 
Processor,” from BYTE [1982]) and some that never evoked one (from me; 
humor is quite individual, insofar as I can tell). The problem for me is that 
Schrodt, for example, is far less funny thirteen years later. Most of Davison’s 
other selections have not worn well, either. (Conversations with service folk no 
longer amuse me: I had a number of telephone conversations with the 800-num¬ 
bers of two well-known hardware vendors in June and July.) 

Brad Templeton began rec.humor.funny in 1987. It is frequently offensive to 
some. It is often topical. It is frequently actually funny (to me, again). Brad put 
out three anthologies via ClariNet over the years. The archives are available on 
CD-ROM. What Brad thinks of as the best is in this volume. A lot of it is still 
offensive; most of it is still funny. Only about 30% (my estimate) is about com¬ 
puters. As the pieces are quite small, the book is great airplane reading. 

CyberWoody 

For years, Woody Allen’s movies made me think about the things I was laughing 
about. Could a dictator be cloned from his nose (“Sleeper”)? Might Howard 
Cosell cover a Latin American coup (“Bananas”)? If the narrator can walk into 
and out of the frame (“Stardust Memories”), why shouldn’t a character walk off 
the film into the real world/living room (“Purple Rose of Cairo”)? And just about 
the time that Allen was questioning the notion of comedy (“Love & Death”), 
Frederick P. Brooks, Jr. was questioning the notion of the software process. 

Twenty years later, here’s a new edition of The Mythical Man-Month - and it’s 
about 120 pages longer. Among other things, “No Silver Bullet,” from IFIP 1986 
is included. Brooks’ point in this paper is that writing software is a complex pro¬ 
cess and that not only is there no solution to that complexity in sight, but that he 
doesn’t see one on the ten-year horizon. Those ten years will be up only a few 
months after you read these words. I still don’t see a silver bullet on the horizon, 
despite an ever-increasing number of books (largely from the SEI at CMU) on the 
“software process” and the “capability maturity model.” Notable, to me, is the 
fact that the truly insightful work of David Tilbrook over the past fifteen years 
has gone nearly unremarked by this last series of volumes (though it has 
appeared in UKUUG, EUUG, and USENIX proceedings). 

My favorite part of “No Silver Bullet” is the section in which Brooks pointed out 
that “those software systems which have excited passionate fans are those that 
are the product of one or a few designing minds.” When I reread it here, I real¬ 
ized that I had been thinking about it when writing my Quarter-Century of 


44 ;login: vol. 20. no. 5 


BOOK REVIEWS 


UNIX : all the tools I use were written by individuals or 
small groups, not by the “thousands of programmers” Bill 
Gates says have been working on NT. Brian Kemighan told 
me that Awk was the toughest thing he’d worked on because 
there were three people involved. 

Buy this new edition, read it, think about it. Good software 
is more important than “good enough” software. And never 
buy anything that is 1.0. 

CyberManagement 

Goldberg and Rubin pay fealty to Brooks in Succeeding 
with Objects but it’s important for you to realize that this is 
not a book about 0-0 technology, nor about Smalltalk. It is 
a volume aimed at managers to explain to them how they 
can use “Decision Frameworks” in project management. It 
contains a good deal of genuine practical advice and a num¬ 
ber of case studies. I think that it can be recommended to 
any project manager or executive. It is actually readable. 

Patterns 

Pattern languages became commonplace in architecture fol¬ 
lowing the publication of Alexander’s Timeless Way of 
Building (1979). They have not been coin of the realm in 
computer science. In August 1994, there was a conference 
on Pattern Languages of Programs (PLoP). Coplien and 
Schmidt’s volume is a sort of proceedings, “sort of’ because 
it contains extended and revised papers and does not contain 
all the presentations. As design patterns “capture the static 
and dynamic structures of solutions that occur repeatedly 
when producing applications,” it is possible that by employ¬ 
ing the ideas and tools in the thirty papers [!] in the volume, 
we can avoid some traps and pitfalls. There are a number of 
good ideas here, but only time will reveal whether they are 
worthwhile. 

Tcl/Tk again 

Brent Welch has produced a neat volume which supple¬ 
ments Ousterhout’s, rather than replacing it. As Welch was a 
student of Ousterhout’s and has moved from PARC to Sun, I 
presume that the originator of Tcl/Tk is fully complicitous 
in this book. I enjoyed reading it and found it truly informa¬ 
tive, but I have a caveat as I got to the chapters on writing 
your own widgets, I encountered undocumented calls in the 
sample programs. The index was not helpful. 

Running on Empty 

Novell has given the UNIX trademark to X/Open. X/Open 
commissioned Stephe Walli to write Go Solo. He did a fine 
job with the unattractive material. The result is a book and 
CD-ROM that propagandize quite forcefully for X/Open’s 
SPEC 1170. This is backed by what is coyly referred to as 


“the industry’s major vendors.” BSD-Lite, BSDI,..., Linux 
are not among these. I read the book and looked at the CD- 
ROM. X/Open apparently doesn’t use ISO 9660 format. 
Sigh. 

Gassing Up 

For the “right stuff,” which those major vendors don’t pro¬ 
vide, you might turn to Prime Time Freeware. In PTF’s new 
package you get a nicely produced paperback (with a useful 
“Tutorial Introduction”) and two CD-ROMs with 5GB of 
over 500 UNIX packages (including GNU stuff, X11R5, 
X11R6, languages from ABC through Tcl/Tk (in alphabeti¬ 
cal order), GUI builders, etc., etc. The CDs are in ISO 9660 
format. [And if you want to get a non-major system, devel¬ 
opers can get BSDI 2.0 (source) for under $1K.] 

Routing 

There are two new books on routing, both from Prentice 
Hall. Steenstrup’s anthology is full of information provided 
by twenty contributors in eleven chapters. The first two 
chapters are on circuit-switched networks: the twenty-five 
pages by Gupta, et al. on ATM networks are a superb encap¬ 
sulation. The remainder of the volume is on packet routing 
(chapters 3-6); high-speed networks (7-9); and mobile net¬ 
works (10 and 11). The book suffers from the independence 
of the chapters: the bibliographic form is inconsistent; some 
lists of references are in alphabetical order, some aren’t; 
there is no index of names; many of the authors are curi¬ 
ously parochial. I sought in vain for Craig Partridge’s work 
in the chapters on high-speed networking. Bob Metcalfe’s 
work on packet communication and ALOHA seems to have 
been missed. Only Yakov Rekhter (“Inter-Domain Rout¬ 
ing”) and John Moy (“Link-State Routing”) seem to be fully 
conscious of the history of their respective topics. But there 
is a lot of information here. 

Huitema’s volume is wonderful, but it really needed an edi¬ 
tor. Huitema writes the way he speaks; the reader must keep 
in mind that this is not a native speaker of English. There 
are places where the syntax gets sufficiently snarled that I 
resorted to reading it aloud to myself. Each of Huitema’s 
chapters has its own list of references. I might have pre¬ 
ferred a single combined list. He didn’t choose to index 
names (perhaps this is a Prentice Hall policy). But Huitema 
has complete control of the literature and, as former chair of 
the IAB, knows about everything in the works. This is a 
book that I can easily recommend very highly. I thought it 
interesting that Huitema mentions Rekhter’s RFCs 1265 and 
1266, which aren’t in Rekhter’s own references. 

Luddite Polemics 

Talbott has produced a highly readable polemic concerning 
the way the [evil] computer is “swallowing culture.” He 


October 1995 ;login: 45 



BOOK REVIEWS 


mixes ideas from Owen Barfield, literary critic and friend of 
C.S. Lewis and J.R.R. Tolkien, with those of Rudolf 
Steiner, Austrian philologist, anthroposophist, and educator. 
This is not so strange, as Barfield translated one of Steiner’s 
books into English. 

Talbott thus joins the worriers: whatever current science 
and technology may be, they will work for evil and against 
all that’s good and worthwhile. From Pandora loosing evils 
upon the world and Prometheus bringing fire to humanity to 
the Golem and Mary Shelley; from the Luddites in the early 
19th century destroying machinery to current fears of 
power lines and microwave emissions, this has been a 
strong trend in human thought. 

I enjoy reading Barfield but find it hard not to think that 
Steiner, a major Goethe scholar before he turned to theoso¬ 
phy, was a nut. I enjoyed reading Talbott, and think he and 
his family will do well in “rural New York,” an area I imag¬ 
ine beginning around 125th Street. 

The Object Advantage: Business 
Process Reengineering With Object 
Technology 

by Ivar Jacobson, Maria Ericson and Agneta Jacobson, 
ACM Press/Addison-Wesley, 1995,344 pages, 

ISBN: 0-201-42289-1. 

Reviewed by George W. Leach 
<gwll@gtexom> 

Many in the software development community tout object- 
oriented technology as the key to improving systems devel¬ 
opment. Virtually every business relies upon process 
reengineering as the cornerstone for improving competi¬ 
tiveness in the global economy of the 90s. Flexible software 
systems enable the implementation of process reengineer¬ 
ing in a business. This book ties these two evolutionary 
concepts together bridging current trends in business and 
software development. 

The book begins with an overview of the topic of business 
engineering. Business engineering is defined as the combi¬ 
nation of business process reengineering combined with 
continuous improvement of processes that either have been 
reengineered or don’t require reengineering. The role of 
information systems in support of business engineering is 
discussed. And object-oriented technology is mentioned as 
a key enabler in achieving business engineering. 

The distinction between the static structure of a business as 
defined by an organization chart and the dynamic interac¬ 
tions that define how the business operates are discussed. 


Business modeling is presented as the mechanism for cap¬ 
turing the dynamics of the business. 

A brief overview of object-oriented technology follows. 
However, rather than focusing upon building software, this 
book concentrates on modeling a company using O-O. 
Object-oriented technology is presented as a method for 
reducing the semantic gap between the model and reality. 

Once the stage is set by defining business engineering and 
object-oriented modeling, the application of object-oriented 
technology to modeling the processes of a business is pre¬ 
sented. The use case is presented as the mechanism for 
describing business processes. A use case is a specific thread 
of interactions upon objects in a system. It is discussed at 
length in Jacobson’s first book [1]. 

A distinction is made between the external view of a com¬ 
pany and the internal processes that support that view. Busi¬ 
ness processes define the external view, from the customer’s 
perspective. An object-oriented model defines the internal 
model of the company with objects modeling deliverables 
and resources such as products, services, resources and 
tasks. The flow of events among the objects to support a par¬ 
ticular business process is modeled using a use case. Exter¬ 
nal customers, partners, suppliers and systems are actors 
that interact with the business. 

The book delves into the two distinct types of models Jacob¬ 
son recommends, namely an object model and a use case 
model. Each model presents a different view of the business. 
The object model is more static in nature depicting the enti¬ 
ties that comprise the business. The use case model 
describes the dynamics of the business or the course of 
events that traverse the objects. Use cases describe what will 
be done while the object models describe how the business 
implements the use case. 

A couple of chapters are devoted to further exploring the 
topics of reverse engineering the existing business and for¬ 
ward engineering the business. Constructing a model of the 
existing business consists of developing use cases and an 
object model to support them. Once a model of the existing 
business exists, one can evaluate it and determine how to 
improve upon it. This is where forward engineering comes 
into play. The notions of an ideal-object model and a real- 
object model are introduced. 

An example follows which illustrates how Jacobson’s com¬ 
pany, Objectory AB, used these techniques upon them¬ 
selves. Unfortunately, the level of detail explored in this 
example is too high-level and borders on trivial. The authors 


46 ;login: vol. 2 o . no. 5 



BOOK REVIEWS 


should have chosen a single use case and provide more 
detail rather than ending with the simple high-level model. 

The remaining three chapters of the book are devoted to 
building the information system to support the business 
model. The treatment of the topic is rather sparse and proba¬ 
bly could have been left out of the book. 

Most books on 0-0 Modeling concentrate on analysis and/ 
or design and are geared towards software architects, 
designers and developers. While this book is not unique in 
aiming at managers [2], it is unique in its focus on modeling 
the business and tying the concepts of 0-0 into business 
process reengineering. Large companies are investing 
heavily in reengineering their businesses. Yet there is little 
written about tying this concept into the design and devel¬ 
opment of the software systems supporting the activities of 
the business. 

While the topic of the book and the first two thirds of the 
chapters held my interest, I came away with the desire to 
know more. The book never gets very far into details. Per¬ 
haps for a business person this is fine. However, software 
people will be disappointed in the high level treatment of 
the subject without fleshing the concepts out further. 

[1] Ivar Jacobson, Magnus Christerson, Patrik Jonsson and 
Gunnar Overgaard, Object-Oriented Software Engineering: 
A Use Case Driven Approach, ACM Press/Addison-Wesley, 
1992. 

[2] David A. Taylor, Object-Oriented Technology: A Man¬ 
ager’s Guide, Addison-Wesley, 1990. 

Tel and the Tk Toolkit 

By John K. Ousterhout, Addison-Wesley 1994, ISBN 0- 
201-63337-X, $36.75, softcover, 480 pages 

Reviewed by Henry Spencer 
<henry@zoo.toronto.edu> 

It should hardly be necessary to explain what Tel and Tk 
are, because increasingly they’re everywhere. However, just 
in case you’ve been living in Outer Mongolia for the last 
five years or so, Tel (usually pronounced “tickle”) is a 
small, simple interpretive language originally invented by 
John Ousterhout as a common command language to be 
embedded into applications which need to be slightly pro¬ 
grammable. It’s taken on a life of its own as a versatile pro¬ 
gramming language and jack-of-all-trades notation for 
many purposes. Tk (just “tee-kay”) is a toolkit for doing X 
graphics programming in Tel, which caught on immediately 
because it was the first sane way to program with X. Tel 
(aided by Tk) is rapidly becoming the most important new 
programming language of the 1990s: more adaptable and 


more versatile than Awk or Perl, more readable and more 
appealing to the general programming community than 
Lisp, and more efficient and simpler than the UNIX shell. 

The world badly needs a good book on Tel and Tk, and this 
book was widely anticipated as being the one. I regret to say 
that it doesn’t entirely live up to its promise. 

This is certainly an important book, and definitely a useful 
book. Unfortunately, it tries to be all things to all readers, 
and succeeds in being rather unsatisfactory for almost 
everyone. In particular, it falls into the standard trap of try¬ 
ing to be both a tutorial and a reference, and it works about 
as well as that approach has ever worked: poorly. 

The first chapter or two make a promising start as a tutorial, 
but then the reference book starts to show through. Rather 
than gradually introducing topics and working up to greater 
levels of complexity in all of them, each topic is covered 
exactly once and in exhaustive detail. This is fine if you 
want to go to one place and find out everything about, say, 
handling files. However, if you just want a general impres¬ 
sion of how files work, you have to read very selectively to 
avoid being drowned in detail. It gets worse and worse as 
the book proceeds, too. This is not a book you read cover to 
cover, that quickly become impossibly tedious. 

As a reference, the book is again superficially promising but 
doesn’t fully deliver. It’s nicely broken up by topics, and the 
command summary tables in particular are very nice, but 
the treatment is strikingly uneven, with some topics dis¬ 
cussed at length with examples, and others barely touched 
on. Important details are often skimmed past; worse, the 
phrase “see the reference documentation” gets used far too 
heavily, particularly later in the book. A reference really 
ought to be complete, and this one isn’t, because it tries to 
remain readable by skipping the grittiest parts. (Producing a 
complete reference for anything involving X admittedly 
presents problems, given that publishers don’t like thou¬ 
sand-page books, but it should be possible to do better than 
this.) 

A better title for this book would be A Guidebook to Tel and 
the Tk Toolkit . That’s where it really shines: not as a way of 
learning the topic from scratch, or as a source of answers to 
hard questions, but as a roadmap to finding the answers. 

You don’t expect a guidebook to gently explain the funda¬ 
mentals, or to give you all the answers - it suffices that it 
steers you in the right direction when you’ve got a general 
idea of your destination. It covers, if sometimes a bit sketch¬ 
ily, almost any question you’d be likely to ask. If you want 
to know about (say) handling X events in the Tk C interface, 
chapter 41 probably won’t tell you everything you want to 
know, but it’ll give you a general idea of what’s going on, 
and tell you where to dig for details. 


October 1995 ;login : 47 


BOOK REVIEWS 


Long before I actually finished reading the book, I was 
using it as a guidebook, and my copy is now getting rather 
dog-eared from being dragged around. I really need one 
copy at each client site where I do serious Tcl/Tk work, and 
one for home base. So don’t think this isn’t a useful book! 

The world still needs a really good tutorial introduction to 
Tel and Tk. Lots of people are going to want to learn about 
them in the next few years, and this book is not the place to 
start. (Don Libes’s “Exploring Expect” is actually a better 
Tel tutorial, as far as it goes, but it can only spend its first 
few chapters on Tel, and that isn’t really quite enough.) I’m 
still waiting for a Tcl/Tk introduction that I could recom¬ 
mend to a novice without feeling guilty about it. 

Meanwhile, if asked for a Tcl/Tk tutorial, I would recom¬ 
mend roughly the first half of this book, with reservations. 
It’s flawed but still useful, and as yet there is nothing better. 
And, once you do get past the initial hurdles, it’s a priceless 
guidebook, and it is valuable (if, again, a bit flawed) as a 
reference. Ousterhout has been a little too ambitious in try¬ 
ing to make the first Tcl/Tk book do everything for every¬ 
body, but it’s a good start, and a valuable tool for any 
serious Tcl/Tk programmer. 

The Cartoon Guide to Statistics 

By Larry Gonick and Woollcott Smith, HarperPerennial, 
1993, ISBN 0-06-273102-5, $13.00, softcover, 230 pages. 

Reviewed by Henry Spencer 
< henry@zoo. tor onto, edu > 

This is a book that’s slightly off the beaten track. It’s about 
one of those subjects that most ;login: readers were force- 
fed in small doses during college, and have done their best 
to forget ever since. Now and then, alas, there comes a time 
when you have to refresh your memory because suddenly 
you need to use it. The best approach, of course, is to find 
someone who’s already an expert and get them to help. 
Unfortunately, such people aren’t always available, and 
when they are, they usually don’t work cheap. So you may 
have to dust off the books instead. 

This book might not be the first one you’d reach for, if you 
saw it on the shelf. It’s not a big expensive college text full 
of equations, but a modest (and modestly-priced) softcover 
full of... cartoons? 

Yes, it’s full of cartoons. Larry Gonick is a professional car¬ 
toonist and comic-book artist. The format here is almost that 
of a comic book, although the textrpicture ratio is higher, 
and there are indeed a few equations here and there. It’s fre¬ 


quently amusing, and it’s both easily understood and pleas¬ 
ant reading. 

On the other hand, the content is non-trivial and correct. 
Woollcott Smith is a professor of statistics, well-known and 
widely respected. The book does an amazingly good job of 
painlessly explaining the basics of statistics, including both 
the methods and the pitfalls. Reading it does require a bit of 
concentration at times, and it won’t make you a statistician, 
but it will give you a better idea of what the statisticians are 
talking about. It’ll probably do a better job on that than the 
average introductory statistics course, unless the course has 
a very good instructor. 

After I read the book, I made the mistake of showing it to 
my girlfriend (who’s a statistician at University of Toronto). 
It was weeks before I saw my copy again; it made the 
rounds, and some folks who’d never entered a comic store 
in their lives went there to buy their own copies. 

Now, a word of caution. If you need to do substantial statis¬ 
tics without a professional statistician to help, you’ll still 
need that introductory textbook (the statistician who’s cur¬ 
rently looking over my shoulder recommends Moore and 
McCabe’s Introduction to the Practice of Statistics, 2nd edi¬ 
tion), and maybe a reference book or two. Gonick and 
Smith get into some moderately sophisticated topics, but 
there are limits to what they can do in 230 heavily-illus¬ 
trated pages. The textbook will be much more comprehen¬ 
sive and rigorous, and you’ll need references for detailed 
methods. But you’ll find them rather easier to read if you 
read this book first. 

In fact, even if you intend to consult an expert, you’ll find 
him/her easier to talk to if you read this book first. It will 
give you a good grounding on how statisticians approach 
things, and some understanding of the key issues. 

In short, this book delivers statistical literacy, rather than 
detailed statistical knowledge, but it does its job well. If 
you’re already on speaking terms with basic statistics, buy 
this book for amusement or not at all. But if you have a 
barely nodding acquaintance with statistics, and suddenly 
need to develop an intimate relationship, reading this book 
would be a good start. 


48 ;login: vol. 20 . no. 5 


BOOK REVIEWS 


The Craft of Software Testing: 
Subsystem Testing Including Object- 
Based and Object-Oriented Testing 

By Brian Marick, Prentice Hall, 1995, ISBN 0-13-177411-5, 
hardcover, 553 pages. 

Reviewed by Bob Birss , SunSoft Developer Products 
<bob.birss@eng.sun.com> 

Get this book. It lucidly and thoroughly addresses the funda¬ 
mental questions of testing: how do I design tests, what are 
typical tester errors and how do I avoid them, how do I 
implement tests, how do I know whether my tests are any 
good, and how do I know when I’m done? It is arguably the 
best book ever on testing - not as comprehensive, say, as 
Beizer’s Software Testing Techniques (second edition), but 
within the chunk of the testing world it addresses, much 
more thorough and practical. 

The bulk of the book describes basic testing techniques and 
then elaborates on subsystem testing in practice. The last five 
chapters discuss testing reusable, object-based, and object- 
oriented software. There are five appendices of “catalogs” - 
of which the most interesting are the “test requirement cata¬ 
log” and the “checklists for test writing.” There’s an 81-item 
bibliography, nine entries of which are explicitly on testing 
object-oriented software. 

Because they gather and systematize an enormous body of 
knowledge about how to test software and because they help 
the tester ask the right questions, the checklists are perhaps 
the best thing about the book. They are the very embodiment 
of the “craft” of testing. For the inexperienced tester, the 
checklists can take the place of years of experience; for the 
veteran, they can help ensure thoroughness. And for every¬ 
one involved with software development, the chapters on 
object-based testing are invaluable. 

Marick remarks at the end of his Preface that the title of this 
book is a takeoff on Glenford Myers’ The Art of Software 
Testing . But he doesn’t point out the irony: it took 16 years 
for us to get from the “art” of testing to the “craft” - will it 
take us another 16 to get to the “science”? 


Expert C Programming: Deep C Secrets 

by Peter van der Linden, SunSoft Press/Prentice Hall,1995, 
ISBN: 0-13-177429-8, 353 pages. 

Reviewed by Rob Kolstad 
<kolstad@bsducom> 

Normally, I don’t have a tough time coming up with the 
right things to say about a book so that those who will enjoy 
it can deduce that from the review. This one is a toughie. 

This book attempts - maybe too hard - to be light-hearted in 
explaining facets of C programming that some people might 
not already know. 

The book includes lots and lots of useful facts (first exam- 
ple:use(CWif (3==i) instead of (CWif (i==3)), lotsof 
folklore, a tremendous number of examples, a number of 
“Software Dogma,” “Handy Heuristic,” and well written 
“Programming Challenge” sections sprinkled throughout 
the eleven chapters, and an index. 

The book ranges far and wide across topics: comment style, 
white space, linker methodology, programming interview 
test questions, stack and memory layouts, type promotion, 
an overview of C++ for C programmers, and declarations. 
Something for everyone, that’s for sure. 

By and large, the information presented is useful. I think 
that most good programmers should probably know more 
than 80% of it (which means you should read the book to 
ensure that you know at least 80% of this good stuff). 

With all the good technical information (though some of it 
seems to have been presented too verbosely for my taste), 
my only real beefs with the book are its light-heartedness 
(which occasionally tends to get in the way of the exposi¬ 
tion) and the kicker: I just couldn’t figure out which items 
the author thought were the really important ones and which 
were trivia. This inability to pick-and-choose the “really 
important parts” bothered me a bit. 

This is one of those good books for your reading room. You 
can browse through a few pages at a time and pick up good 
information, then come back later for a new topic. 


OCTOBER 1995 


;login : 49 



ANNOUNCEMENTS & CALLS 


1996 USENIX Technical 
Conference 

January 22-26,1996, San Diego, CA 

(Editor's Note: Pre-registration materials will be available 
in mid-October) 

Tutorial Program 

Monday Tutorials, January 22 

Advanced UNIX Security: Threats and Solutions 
Matt Bishop, University of California, Davis 

IP version 6: An Introduction - New 
Richard Stevens, Consultant 

Creating a Web Site with HTML and CGI - New 
Dave Taylor, Intuitive Systems 

UNIX Kernel Internals: Data Structures and Algorithms 
Dr. Marshal Kirk McKusick, Consultant and Author 

An Introduction to Tel and Tk 
John Ousterhout, Sun Microsystems 

The Kerberos Approach to Network Security - Updated 
Dan Geer, Open Market, Inc . and John Rochlis, 

BBN Planet 

Sendmail Inside and Out Version 8 - Updated 
Eric Allman, Pangcea Reference Technologies 

An Introduction to System Performance Tuning - New 
Marcus Ranum, Information Warehouse!, Inc . 

Windows 95 for UNIX Jocks - New 
Doug Hamilton, Hamilton Laboratories 

Topics in System Administration 

Trent Hein, XOR Engineering and Evi Nemeth, 

University of Colorado, Boulder 

The Law and Individual Rights on the Net 

Dan Appelman, Heller, Ehrman, White and McAuliffe 

Tuesday Tutorials, January 23 

UNIX Security Tools: Use and Comparison - New 
Matt Bishop, University of California, Davis 

Joining the Internet Safely using UNIX and Firewalls 
Tina Darmohray and Marcus Ranum, Information 
WarehouseI, Inc . 


UNIX Network Programming 
Richard Stevens, Consultant 

What’s New in Networking - New 

Rik Farrow, Consultant and Dave Taylor, Intuitive Systems 

BSD Network Internals: 

Data Structures and Algorithms - New 
Michael Karels, Berkeley Software Design, Inc , 

Advanced Tcl/Tk - New 
Stephen Uhler and Brent Welch, 

Sun Microsystems Laboratories 

Java-New 

Jim Waldo, Sun Microsystems Laboratories 

Beginning Perl Programming for UNIX Programmers - 
Updated for v5. Tom Christiansen, Consultant 

Linux Inside and Out - New 
Michael K . Johnson, Linux Journal 

IP Network Administration 

William LeFebvre, Argonne National Laboratory 

Preliminary Technical Program 

Wednesday, January 24 

9:00-10:30 
Opening Remarks 

Robert Gray, U S West Advanced Technologies 

Keynote Address: Nature and Nurture - The Interplay 
of UNIX and Networking 

Van Jacobson, Lawrence Berkeley National Laboratory 

11:00-12:30 
File Systems 

Session Chair: John Ousterhout, Sun Microsystems 
Laboratories 

Scalability in the XFS File System 
Adam Sweeney, Silicon Graphics 

A Comparison of FFS Disk Allocation Policies 
Keith A. Smith and Margo Seltzer, Harvard University 

AFRAID - A Frequently Redundant Array of Independent 
Disks 

Stefan Savage, University of Washington and John Wilkes, 
Hewlett-Packard Laboratories 


50 ;login : vol. 20 • no. 5 



ANNOUNCEMENTS & CALLS 


Invited Talk: Linux: Architecture, Experiences, and Future 
Linus Tory aids, University of Helsinki 

2 : 00 - 3:30 
OS Extensions 

Session Chair: Darrell Long, University of California, 

Santa Cruz 

A Comparison of OS Extension Technologies 
Christopher Small and Margo Seltzer, Harvard University 

An Extensible Protocol Architecture for Application- 
Specific Networking 

Marc E. Fiuczynski and Brian N. Bershad, University of 
Washington 

Linux Device Driver Emulation in Mach 

Shantanu Goel and Dan Duchamp, Columbia University 

Invited Talk Panel Discussion: 

Opinions on Recent Legal Decisions 
Moderator: Ed Gould, Digital Equipment Corporation 
Panelists: Dan Appelman, Partner, Heller, Ehrman, White, 
and McAuliffe; Mitch Dembin, Assistant U.S. Attorney - 
Chief, Financial Fraud Section; Mike Godwin, Staff Coun¬ 
sel, Electronic Frontier Foundation 

4 : 00 - 5:00 

Multimedia 

Session Chair: Brent Welch, Sun Microsystems 
Laboratories 

Calliope: A Distributed, Scalable Multimedia Server 
Andrew Heybey, Mark Sullivan, and Paul England, 

Bellcore 

Simple Continuous Media Storage Server on Real-Time 
Mach 

Hiroshi Tezuka and Tatsuo Nakajima, Japan Advanced 
Institute of Science and Technology 

Invited Talk: Cryptography in the 21st Century 
Bruce Schneier, Counterpane Systems 

Thursday, January 25 

9 : 00 - 10:30 

Networks 

Session Chair: John Kohl, Atria Software 

Eliminating Receive Livelock in an Interrupt-driven Kernel 
Jeffrey Mogul, Digital Equipment Corporation, Western 
Research Laboratory; K. K Ramakrishnan, AT&T Bell 
Laboratories 


Implementation of IPv6 in 4.4 BSD 
Randall Atkinson, Daniel McDonald, andBao Phan, Naval 
Research Laboratory; Craig Metz, Kaman Sciences Corpo¬ 
ration; Kenneth Chin, Naval Research Laboratory 

Supporting Mobility in MosquitoNet 

Mary Baker, Xinhua Zhao, Stuart Cheshire, and Jonathan 

Stone, Stanford University 

Invited Talk: Why Threads Are A Bad Idea (for most 
purposes) 

John Ousterhout, Sun Microsystems Laboratories 

11 : 00 - 12:30 

Web 

Session Chair: Christopher Small, Harvard University 

World Wide Web Cache Consistency 

James Gwertzman and Margo Seltzer ; Harvard University 

A Hierarchical Internet Object Cache 
Anawat Chankhunthod, Peter Danzig, and Chuck Neer- 
daels. University of Southern California; Michael F. 
Schwartz and Kurt J. Worrell, University of Colorado, 
Boulder 

Tracking and Viewing Changes on the Web 
F red Douglis and Thomas Ball, AT&T Bell Laboratories 

Invited Talk: Vmalloc: The Search Ends? 

Kiem-Phong Vo, AT&T Bell Laboratories 

2 : 00 - 3:30 

Works-In-Progress 

Invited Talk: Forming a More Perfect Net Governance 
Carey Eugene Heckman, Adjunct Professor of Law, Stan¬ 
ford Law School and Co-Director, Stanford Law and Tech¬ 
nology Policy Center 

4 : 00 - 6:00 

Distributed 

Session Chair: David Black, Opens Software Foundation 
Research Institute 

Implementation of a Reliable Remote Memory Pager 
Evangelos P Markatos and George Dramitinos, Institute of 
Computer Science, FORTH, Crete 

Solaris MC: A Multi Computer OS 

Yousef A. Khalidi, Jose Af. Bernabeu, Vlada Matena, Ken 

Shirriff, and Mod Thadani, Sun Microsystems Laboratories 


OCTOBER 1995 ;login : 51 


ANNOUNCEMENTS & CALLS 


A New Approach to Distributed Memory Management in the 
Mach Microkernel 

Stephan Zeisset, Stefan Tritscher, and Martin Mairandres, Intel 
GmbH 

Fault Tolerance in a Distributed CHORUS/MiX System 
Sunil Kittur, Online Media; Francois Armand t Chorus 
Systimes; Douglas Steel, ICL High Performance Systems; 

Jim Lipkis, Chorus Systemes 

Invited Talk Panel Discussion: Selling Stuff That’s Free - 

The Commercial Side of Free Software 

Moderator Mary Baker, Stanford University; Panelists: 

Bob Bruce, Walnut Creek CD-ROM; William H. Davidow, 
Mohr ; Davidow Ventures; Michael Tiemann, Cygnus 
Support; Linus Torvalds, University of Helsinki 

Friday, January 26,1996 

9 : 00 - 10:30 

Protocols 

Session Chair Jonathan Smith, University of Pennsylvania 

FLIPC: A Low Latency Messaging System for Distributed 
Real Time Environments 

David L. Black, Randall D. Smith, Steven /. Sears, and Randall 
W. Dean, Open Software Foundation Research Institute 

An Analysis of Process and Memory Models to Support 
High-Speed Networking in a UNIX Environment 

B . Murphy, University of Cambridge; S. Zeadally and 

C. J. Adams, University of Buckingham 

Zero-Copy TCP in Solaris 
H. K. Jerry Chu, SunSoft, Inc. 

Invited Talk: Highlights from 1995 USENIX Conferences 

11 : 00 - 2:30 

Performance 

Session Chair Miche Baker-Harvey, Digital Equipment 
Corporation 

A Performance Comparison of UNIX Operating Systems 
on the Pentium 

Kevin Lai and Mary Baker, Stanford University 

lmbench: Portable Tools for Performance Analysis 

Larry McVoy, Silicon Graphics; Carl Staelin, Hewlett-Packard 

Laboratories 


Process Labeled Kernel Profiling: A New Facility to Profile 
System Activities 

Shingo Nishioka, Atsuo Kawaguchi, and Hiroshi Motoda, 
Hitachi Advanced Research Laboratory 

Invited Talk: CitySpace: Come Build It Yourself - 
A User-Extensible Virtual Environment for Real-time Play 
Coco Conn and Zane Vella, Digital Circus Productions 

2 : 00 - 4:00 
Pot Pourri 

Session Chair: Matt Blaze, AT&T Bell Laboratories 

Cut-and-Paste File-Systems: Integrating Simulators and 
File-Systems 

Peter Bosch and Sape J. Mullender, Universiteit Twente 

Predicting Future File-System Actions From Prior Events 
Tom M. Kroeger and Darrell D. E. Long, University of 
California, Santa Cruz 

Transparent Fault Tolerance for Parallel Applications on 
Networks of Workstations 

Daniel J. Scales, Digital Equipment Corporation, Western 
Research Laboratory; Monica S. Lam, Stanford University 

Why Use a Fishing Line When you Have a Net? An Adap¬ 
tive Multicast Data Distribution Protocol 
Steve Kotsopoulos and Jeremy Cooperstock, University of 
Toronto 

Invited Talk Panel Discussion: Technical Executive 
Summary - 90 Minutes, 8 Talks, No Regrets 
Moderator Keith Bostic, Berkeley Software Design, Inc. 
Panelists: TBA 

4 : 30 - 5:30 
Closing Session 

Registration Information 

Pre-registration materials will be available in mid-October. 

Attendees registering by December 15 can save $50 on 
technical sessions fees and $50 on tutorials fees. Phone 714 
588 8649 for more information or visit the USENIX Web 
page: http:llwww.usenix.org . 


52 ;login : vol. 20 ♦ no. 5 




The fourth annual Tcl/Tk workshop is a forum to: 

Bring together Tcl/Tk researchers and practitioners. 

Publish and present current work. 

Plan for future Tcl/Tk related developments. 

The workshop program will include formal presentations 
of papers and demonstrations, as well as informal demonstra¬ 
tions, work in progress sessions, birds of a feather sessions, 
and tutorials. 

This call provides information on submitting formal papers 
and demonstrations. Information on registration will be avail¬ 
able separately in April, 1996. 

Structure of Submissions 

Papers and demonstrations should report on original Tcl/Tk 
research. Example topics have included system extensions, 
novel Tcl/Tk based applications, reports on experiences build¬ 
ing particular applications, use of different programming 
paradigms within Tel, and proposals for new directions. 

All work must be original, and not submitted elsewhere. The 
audience for the workshop is researchers and practitioners 
who are expert users of Tcl/Tk. 

There are three types of submissions: applications papers, 
general papers, and demonstrations. Both paper categories 
are limited to ten pages, and authors will be given a twenty 
minute time slot at the workshop. A full version of the paper 
must be submitted for review. Live demonstrations of non¬ 
commercial software will be given a thirty minute time slot at 
the workshop, and a paper of up to four pages must accom¬ 
pany the demonstration. Detailed instructions on submission 
format appear below. 


Applications papers have typically proven difficult to 
write. Authors considering submission of these types of 
papers are encouraged to consider the following common 
causes of rejection: 

Paper is blatant marketing material for commercial product. 

Insufficient background on application domain so that the 
audience cannot follow; excessive use of domain specific 
buzzwords. 

Too much information on the application, but not enough 
on the relevance of Tcl/Tk to the application. 

Too litde consideration of how the Tcl/Tk community 
could benefit from experiences; limited generalizability. 

Application only illustrates a routine usage of Tcl/Tk. 

Detailed Submission Instructions 

We are accepting workshop submissions electronically, via 
email. Submissions should be sent as both plain text (with no 
extra markup), and as Postscript (formatted for an 8.5x11 
page). When submitting Postscript, please strive to ensure that 
your file can be printed on a variety of printers. If accepted, 
both electronic and camera-ready hardcopy of the final 
version will be required. 

Applications papers and general papers must be full length 
versions, and not just abstracts. Papers may be a maximum 
of ten pages in length. If accepted, we would encourage use 
of brief video clips or demos during the presentation. If 
you think you may use AV equipment other than standard 
overheads or 35mm slides, please make a note of it on the 
cover sheet described below. This information is not used 
to judge your submission, but will assist in organizing 
the final program. 


USENIX', the Advanced Computing Systems Professional and Technical Association. 


October 1995 ; login: 53 




Submissions for demonstrations must prepare a paper of up 
to four pages in length describing the demonstration and pro¬ 
viding further background; this will appear in the workshop 
proceedings. Submitters are encouraged to submit additional 
material supporting their demonstration for review, such as a 
storyboard or outline. If you would like to submit other mate¬ 
rial, such as videotapes, contact the conference chairs for more 
information. 

This workshop, like most conferences and journals, 
requires that papers not be submitted simultaneously to 
another conference or publication and that submitted papers 
not be previously or subsequently published elsewhere. 

Papers accompanied by “non-disclosure agreement” forms are 
not acceptable and will be returned to the author(s) unread. 
All submissions are held in the highest confidentiality prior 
to publication in the Proceedings, both as a matter of policy 
and in accord with the U.S. Copyright Act of 1976. 

A cover letter should be included with all submissions con¬ 
taining the following information: 

■ Name of all authors 

■ Primary contact 

■ Full postal address 

■ Telephone number 

■ Email address (very important) 

■ Category (application paper, general paper, or 
demonstration) 

■ Anticipated AV needs (used only for planning purposes) 

Submissions should consist of a uuencoded, compressed tar 
file (compress or gzip), containing both the plain text and 
Postscript versions (filenames should be based on your last 
name, e.g. smith.txt and smith.ps). This should be mailed, 
along with the cover letter, to tcl96@sco.com . 

Receipt of submissions will be acknowledged by return 
email within one week. If an acknowledgement is not 
received, please contact the co-chairs listed below. 

Important Dates 

Deadlines for paper and demo submissions: March 5, 1996 
Notification of acceptance: April 16 , 1996 
Camera-ready copy due: May 28, 1996 


Program Committee 

Co-chairs: 

Mark Diekhans, SCO 
markd@sco.com 

Mark Roseman, University of Calgary 
roseman @cpsc. ucalgary. ca 

Program Committee: 

Ben Bederson, University of New Mexico 

Wayne Christopher, 1CEM CFD Engineering 

Joe Konstan, University of Minnesota 

Don Libes, NIST 

Michael McLennan, AT&T 

Larry Rowe, University of California Berkeley 

Brent Welch, Sun Labs 

David Young, SCO 

More information on the workshop will be posted to 
comp.lang.tcl, comp.org.usenix, and placed on the World 
Wide Web at http://www.usenix.orgzs it becomes available. 


Registration Materials 

Materials containing all details of the technical and tutorial 
programs, registration fees and forms, and hotel information 
will be available in April, 1996. If you wish to receive the reg¬ 
istration materials, please contact: 

USENIX Conference Office 

22672 Lambert Street, Suite 613 

Lake Forest CA 92630 

714.588.8649 

Fax: 714.588.9706 

Email: conference@usenix.org 

U RL: http:!Iwww. usenix. org 



54 ; login : vol. 20. no 5 



F 


g on Applications of Cryptography 


6th USENIX UNIX security symposium 



Announcement and Preliminary Call for Pap 

July 22-25, 1996 

Fairmont Hotel, San Jose, California 


ers 


Sponsored by the USENIX 
Association, the UNIX and 
Advanced Computing Systems 
Professional and Technical 
Association 

Co-sponsored by UniForum 
(pending) 

In cooperation with The Computer 
Emergency Response Team (CERT), 
and IFIP WG 11.4 

Important Dates 

Dates for Refereed paper submissions: 
Extended abstracts due: 

March 19, 1996 

Program Committee decisions made: 
April 15, 1996 

Camera-ready final papers due: 

June 10, 1996 

Registration Materials Available: 

End of April 1996 

Program Committee 

Program Chair: Greg Rose, Sterling 
Software 

Fred Avolio, Trusted Information 
Systems, Inc. 

Steve Bellovin, AT&T Bell Laboratories 
Brent Chapman, Great Circle Associates 
Diane Coe, The MITRE Corporation 
Ed DeHart, CERT 
Dan Geer, Open Market Inc. 


Peter Gutman n, University of Auckland 
Kent Landfield, Sterling Software 
Clifford Neuman, Information Sciences 

Institute 

Avi Rubin, Bellcore 

Eugene Spafford, COAST Laboratory, 

Purdue University 
Ken van Wyk, Defense Information 

Systems Agency 

Karen Worstell, The Boeing Company 
Readers: Matt Bishop, U.C. Davis\ 

Phil Karn, Qualcomm 

Overview 

The goal of this symposium is to bring 
together security and cryptography practi¬ 
tioners, researchers, system administra¬ 
tors, systems programmers, and others 
with an interest in applying cryptography, 
network and computer security, and espe¬ 
cially the area where these overlap. The 
focus on applications of cryptography is 
intended to attract papers in the fields 
of electronic commerce and information 
processing, as well as security. Please note 
that papers about new cryptographic 
algorithms are not solicited; however 
new applications are. 

This will be a four day, single track 
symposium with tutorials, refereed and 
technical presentations, and panel discus¬ 
sions. Tutorials will take place the first two 
days followed by two days of technical 
sessions. 


Tutorials 

July 22-23 

Tutorials for both technical staff and 
managers will provide immediately 
useful, practical information on topics 
such as local and network security precau¬ 
tions, what cryptography can and cannot 
do, security mechanisms and policies, fire¬ 
walls and monitoring systems. 

Technical Sessions 

July 24-25 

In addition to the keynote presentation, 
the technical program includes refereed 
papers and invited talks. There may be 
panel sessions. There will be Birds-of-a- 
Feather sessions and Works-in-Progress 
Reports on two evenings. You are invited 
to make suggestions to the program com¬ 
mittee via email to security@usenix.org. 

Papers that have been formally reviewed 
and accepted will be presented during the 
symposium and published in the sympo¬ 
sium proceedings. Proceedings of the sym¬ 
posium will be published by USENIX and 
will be provided free to technical session 
attendees; additional copies will be avail¬ 
able for purchase from USENIX. 


USENIX", the Advanced Computing Systems Professional and Technical Association. 


October 1995 ;login: 55 



Symposium Topics 

Presentations are being solicited in areas 
including but not limited to: 

Anonymous transactions 
Applications of cryptographic techniques 

Attacks against secure networks/ 
machines 

Cryptanalysis and codebreaking as 
attacks 

Cryptographic tools 
Electronic commerce security 
Firewalls and firewall toolkits 
Legislative and legal issues 
Case studies 

Computer misuse and anomaly detection 
File and File system security 
Network security 
Security and system management 
Security in heterogeneous environments 

Security incident investigation and 
response 

Security tools 

User/system authentication 
Penetration testing 
Malicious code analysis 

Note that this symposium is not about 
new codes or ciphers, or cryptanalysis for 
its own sake. 

How to Submit 
a Refereed Paper 

Submissions must be received by March 
19, 1996. Authors are encouraged to 
submit an extended abstract which dis¬ 
cusses key ideas and demonstrates the 
structure of the finished paper. Extended 
abstracts should be 3-5 pages long (about 
1500-2500 words), not counting refer¬ 
ences and figures. The body of the 
extended abstract should be in complete 
paragraphs. The object of an extended 
abstract is to convince the reviewers that a 
good paper and presentation will result. 
Full papers can be submitted if they are 
complete in advance of the date. Full 
papers should be 8 to 15 typeset pages. 

Authors will be notified of acceptance 
on April 15, 1996. 


All submissions will be judged on origi¬ 
nality, relevance, and correctness. Each 
accepted submission will be assigned a 
member of the program committee to act 
as its shepherd through the preparation of 
the final paper. The assigned member will 
act as a conduit for feedback from the 
committee to the authors. Camera-ready 
final papers are due June 10, 1996. 

Please accompany each submission by 
a cover letter stating the paper title and 
authors along with the name of the 
person who will act as the contact to the 
program committee. Please include a 
surface mail address, daytime and evening 
phone number, and, if available, an email 
address and fax number for the contact 
person. 

If you would like to receive detailed 
guidelines for submission and examples of 
extended abstracts, you may send email to: 

securityauthors@nsenix.org 

or telephone the USENIX Association 
office at 510.528.8649. 

The UNIX Security Symposium, like 
most conferences and journals, requires 
that papers not be submitted simulta¬ 
neously to another conference or publica¬ 
tion and that submitted papers not be 
previously or subsequently published 
elsewhere. Papers accompanied by “non¬ 
disclosure agreement” forms are not 
acceptable and will be returned to the 
author(s) unread. All submissions are held 
in the highest confidentiality prior to pub¬ 
lication in the Proceedings, both as a 
matter of policy and in accord with the 
U.S. Copyright Act of 1976. 

Where to Submit 

Please send one copy of an extended 
abstract or a full paper to the program 
committee via each of two, for reliability, 
of the following methods. All submissions 
will be acknowledged. 

• Preferred Method email 
(Postscript or ASCII) to: 

securitypapers@usenix. org 


m Alternate Method postal delivery to: 

Security Symposium 
USENIX 

2560 Ninth St., Suite 215 
Berkeley CA 94710 
U.S.A. 

Phone: 510.528.8649 
. Fax: 510.548.5738 

Registration Materials 

Materials containing all details of the 
technical and tutorial programs, registra¬ 
tion fees and forms, and hotel information 
will be available at the end of April 1996. 
If you wish to receive the registration 
materials, please contact USENIX at: 

USENIX Conference Office 

22672 Lambert Street, Suite 613 

Lake Forest, CA USA 92630 

714.588.8649 

Fax: 714.588.9706 

email: conference@usenix.org 

Information can also be found under 
the USENIX Association Web page, 
URL: http:llwww.usenix.org 



56 ;login : vol. 20. no. 5 



10th systems administration conference (LISA '96) 


Announcement and Call for Participation 



Co-sponsored by 
USENIX, the Advanced Computing 
Systems Professional and Technical 
Association; and SAGE, the System 
Administrators Guild 

Important Dates 

Refereed paper submissions: 

Extended abstracts due: May 7, 1996 
Notification to authors by: 

June 11, 1996 

Final papers due: August 15, 1996 
Registration materials available: 

July, 1996 

Overview 

LISA, the USENIX Systems Administra¬ 
tion Conference, is the leading confer¬ 
ence for and by system administrators. 
LISA originally stood for “Large Installa¬ 
tion Systems Administration” when a large 
installation meant over 100 users, 100 sys¬ 
tems, or a gigabyte of disk storage. Today, 
the LISA conference offers the most com¬ 
prehensive program for system administra¬ 
tors from sites of all sizes and at all levels 
of experience. 

LISA ‘96 will mark the tenth anniver¬ 
sary of the LISA conference. While there 
will be events at the conference to mark 
this occasion, the focus will continue to be 
bringing system administrators the latest 
tools, techniques, and information needed 


September 30-October 4, 1996 
Chicago Marriott, Chicago, Illinois 


to keep apace with the rapid technology 
advancements, changes in public and legal 
policy, and changes in the ways that their 
employers do business. 

Tutorial Program 

Monday and Tuesday, September 30- 
October 1,1996 

The conference will offer up to 20 tutor¬ 
ials on two days. Tutorials are offered on 
all levels of system administration from 
novice to senior system administrator. 

To provide the best possible tutorial 
offerings, USENIX continually solicits 
proposals for new tutorials. If you are 
interested in presenting a tutorial at this or 
other USENIX conferences, please contact 
the tutorial coordinator: 

Daniel V. Klein 
412.421.0285 
Fax: 412.421.2332 
Email: dvk@usenix.org 

Technical Sessions 

Wednesday through Friday, 

October 2-4, 1996 

The three days of technical sessions 
consist of two parallel tracks. The first 
track is dedicated to presentations of 
refereed technical papers. The second 
track is intended to accommodate invited 
talks, panels and Works-in-Progress 
(WIP) sessions. 


Conference Topics 

Papers addressing the following topics are 
particularly timely; papers addressing 
other technical areas of general interest 
are equally welcome. 

n Innovative system administration tools 
and techniques 

■ Integrating new networking 
technologies 

■ Problem tracking 

m Remote site administration 
» Experiences supporting large sites 
(>1000 users or machines) 

■ Experiences supporting nomadic and 
wireless computing 

■ Integration of heterogeneous 
platforms—multiple UNIX platforms, 
PC/Mac integration, interfacing with 
Legacy systems 

n Integration of emerging technologies 
to system administration 

■ Support stratgies in use at your site 

■ Distributed system administration 

■ Proactive problem management 

■ OS/Platform migration strategies 

m Performance analysis and monitoring 

■ Data management 
m Security 

b Ethics 

b Asset management 
b Training the user 
b Incorporating commercial system 
administration technology for your site 


USENIX", the Advanced Computing Systems Professional and Technical Association. 




October 1995 ;login: 57 





Refereed Paper Submissions 

An extended abstract is required for the 
paper selection process. Full papers are not 
acceptable at this stage; if you send a full 
paper, you must also include an extended 
abstract. "Extended” means 2-5 pages. 

Include references to establish that you 
are familiar with related work, and, where 
possible, provide detailed performance 
data to establish that you have a working 
implementation or measurement tool. 

Submissions will be judged on the 
quality of the written submission, and 
whether or not the work advances the state 
of the art of system administration. For 
more detailed author instructions and a 
sample extended abstract, send email to 
lisa 1 Oauthor@usenix.org oi call USENIX 
at 510.528.8649. 

Note that LISA, like most conferences 
and journals, requires that papers not be 
submitted simultaneously to more than 
one conference or publication and that 
submitted papers not be previously or 
subsequently published elsewhere. Papers 
accompanied by “non-disclosure agree¬ 
ment” forms are not acceptable and will 
be returned unread. All submissions are 
held in the highest confidence prior to 
publication in the conference proceed¬ 
ings, both as a matter of policy and as pro¬ 
tected by the U.S. Copyright Act of 1976. 

Authors of an accepted paper must pro¬ 
vide a final paper for publication in the 
conference proceedings. At least one author 
of each accepted paper presents the paper 
at the conference. Final papers are limited 
to 20 pages, including diagrams, figures 
and appendixes, and must be in troff, 
ASCII, or LaTeX format. We will supply 
you with instructions. Papers should 
include a brief description of the site, 
where appropriate. 

Conference proceedings, containing all 
refereed papers and materials from the 
invited talks, will be distributed to attend¬ 
ees and will also be available from the 
USENIX following the conference. 


Where to Send Submissions 

Please submit extended abstracts for the 
refereed paper track by two of the follow¬ 
ing methods: 

Email to: Iisal0papers@usenix.org 
Fax to: 510.548.5738 

Mail to: 

LISA 10 Conference 
USENIX Association 
2560 Ninth Street, Suite 215, 

Berkeley, CA USA 94710 

To discuss potential submissions, and for 
inquiries regarding the content of the con¬ 
ference program, contact the program co- 
chairs at lisa 1 Ochair@usenix.org or at: 

Helen E. Harrison 
SAS Institute Inc. 

SAS Campus Drive 
Cary, NC 27513 
919.677.8000 x6981 
Fax: 919.677.4444 
Email: helen@usenix.org 

Amy K. Kreiling 
Campus Box #3175 
Department of Computer Science 
University of North Carolina 
Chapel Hill, NC 27599 
919.962.1843 
Fax:919-962.1799 
Email: amy@usenix.org 

Invited Talk Track 

If you have a topic of general interest to 
system administrators, but that is not 
suited for a traditional technical paper 
submission, please submit a proposal for a 
second track presentation to the invited 
talk (IT) coordinators at itlisa@usenix.org. 

Program Committee 

Program Co-chair: Helen E. Harrison, 
5^5 Institute Inc. 

Program Co-chair: Amy K. Kreiling, 
University of North Carolina 
Paul Evans, Synopsys, Inc. 

David L. Kensiski, MCI 
Telecommunications 
Bill LeFebvre, Argonne National Labs 


E. Scott Menter, Enterprise Systems 
Management 

Pat Parseghian, AT&T Bell Laboratories 
Pat Wilson, Dartmouth College 
Elizabeth Zwicky, Silicon Graphics , Inc. 

Vendor Displays 

Wednesday and Thursday, 

October 2-3, 1996 

LISA attendees have an enormous interest 
in industrial strength, state of the art solu¬ 
tions to system adminstration problems. 

If your company's products provide solu¬ 
tions, LISA will provide attendees with 
the technical expertise to understand and 
appreciate it. Please contact: 

Zanna Knight 
Tel: 510.528.8649 
Fax: 510.548.5738 
Emai l: display@usenix. org 

Birds-0f-A-Feather Sessions 

Birds-of-a-Feather sessions (BoFs) are 
very informal gatherings of attendees 
interested in a particular topic. BoFs 
are held Tuesday, Wednesday, and Thurs¬ 
day evenings of the conference. BoFs 
may be scheduled in advance by tele¬ 
phoning the USENIX Conference Office 
at 714.588.8649 or via email to 
conference@usenix.org. They may also be 
scheduled at the conference. 

For Registration Information 

The complete program and registration 
information will be available in July 
1996. If you would like to receive registra¬ 
tion materials, please contact: 

USENIX Conference Office 
22672 Lambert Street, Suite 613 
Lake Forest, CA 92630 
Phone: 714.588.8649 
Fax:714.588.9706- 
Email: conference@usenix.org. 

URL: http://www.usenix.org 

Or you can send email to our mailserver at 
info@usenix.org . Your message should 
contain the line: send catalog. A catalog 
will be returned to you. 


58 ; login : vol.2o.no.5 




inference on 


object-oriented technologies and systems (COOTS) 


im 


Announcement and Preliminary Call for Papers 


June 17-21, 1996 
Toronto, Canada 


Sponsored by the USENIX 
Association 

Important Dates 

Tutorial submissions due: Feb 7, 1996 
Paper submissions due: Feb 13, 1996 
Notification to authors: March 5, 1996 
Camera-ready final papers due: May 7, 
1996 

Preliminary Program Committee 

Program Chair: Douglas C. Schmidt, 
Washington University 
Tutorial Program Chair: Doug Lea, 
SUNY Oswego 
Donald Box, Developmentor 
Kraig Brockschmidt, Microsoft 
David Chappell, Chappell and Associates 
Andrew Chien, University of Illinois, 
Urbana-Champaign 
David Cohn, University of Notre Dame 
Jim Coplien, AT&T Bell Labs 
Murthy Devarokonda, IBM Watson 
Research Labs 

Peter Druschel, Rice University 
Daniel Edelson, I A Corporation 
Nayeem Islam, IBM Watson Research Labs 
Dennis Kafura, Virginia Tech University 
Doug Lea, SUNY Ostwego 
Dmitry Lenkov, Hewlett-Packard 
Mark Linton, Silicon Graphics Inc. 

Vince Russo, Purdue University 
Jerry Schwarz, Declarative Systems 
Kevin Shank, Rochester Institute of 
Technology 

Michael Stal, Siemens AG 


Bjarne Stroustrup, AT&T Bell Labs 
Steve Vinoski, Hewlett-Packard 
Jim Waldo, Sun Microsystems Labs 

Overview 

The COOTS conference is intended to 
showcase advanced R&D work in object- 
oriented technologies and software sys¬ 
tems. The conference emphasizes experi¬ 
mental research and experience gain by 
using object-oriented techniques and lan¬ 
guages to build complex software systems 
that meet real world needs. 

Tutorials 

The COOTS conference will begin with 
two days of tutorials. The tutorial program 
will offer a selection of tutorials from 
among several tracks. We expect tutorial 
topics to include: 

Distributed object systems (CORBA, 
Network OLE, DSOM, etc.) 

C++ Standard Template Library 
Object-oriented network programming 

Design patterns for object-oriented 
systems 

Evolution of ANSI/ISO C++ 
standardization 

Concurrent object-oriented 
programming 

Efficient and effective framework design 
Alternative object-oriented languages 

Tutorial proposal submissions must be 
received by February 7, 1996. The pre¬ 
ferred form of submission is via electronic 


mail to the Tutorial Chair Doug Lea 
(dl@goswego.edu). Tutorials selected for 
presentation at the conference will be 
announced by February 20, 1996. 

Technical Session Topics 

Two days of technical sessions will follow 
the tutorials. We seek papers describing 
original work concerning the design, 
implementation, experimentation, and use 
of object-oriented technologies. Like the 
USENIX C++ conferences from which it is 
derived, COOTS emphasizes advanced 
engineering aspects of object technology, 
focusing on experimental systems research 
and development on distributed objects, 
multimedia, operating systems, compiler 
technology, and C++. While papers cover¬ 
ing work in C++ are strongly encouraged, 
the conference is broader in scope than its 
ancestors. In particular, we invite submis¬ 
sions describing results and work in other 
object-oriented or object-based languages. 

Potential topics include but are not 
limited to: 

Applications of, and experiences with, 
object-oriented technologies in 
various domains (distributed systems, 
multimedia, real-time systems, 
financial services, human/computer 
interface, etc.) 

Distributed object systems (CORBA, 
DCOM, DSOM, etc.) 

Implementations of commercial object 
infrastructures and reliable distributed 
objects (CORBA, NextStep, OLE/ 
COM, SOM, Isis/RDO, etc.) 


USENIX", the Advanced Computing Systems Professional and Technical Association. 


October 1995 ;login: 59 






C++ standardization (STL, templates, 
implementation challenges) 

Object-oriented programming language 
development environments and tools 
(C++, Modula-3, Eiffel, etc.) 

Content-oriented languages for 
programming in the WWW (Java, 
Python, Obliq, Phantom, etc.) 

Interface description languages (DCE 
IDL, OMG IDL, etc.) 

Questions regarding a topic's relevance to 
the conference may be addressed to the 
program chair via electronic mail to 
schmidt@cs.wustl.edu. Proceedings of the 
conference will be published by USENIX 
and will be provided free to technical 
session attendees; additional copies will 
be available for purchase from USENIX. 

In addition, based upon feedback solic¬ 
ited at the conference from attendees, the 
program committee will select five papers 
to be published in revised and expanded 
form in a special issue of a suitable jour¬ 
nal. To help authors prepare these papers 
for publication, we will have one or more 
BOF sessions organized as “writers work¬ 
shops.” The writers workshop format has 
a group of “discussants” read the paper 
carefully before the session. During the 
writers workshop, the discussants 
examine the strengths and weaknesses of 
each paper, accentuating positive aspects 
and suggesting improvements in content 
and style. The author is “invisible” during 
this discussion, and is expected to take 
notes and revise the paper in accordance 
with the comments. 

Advanced Topics Workshop 

This years USENIX COOTS conference 
will conclude with an Advanced Topics 
Workshop. The goal of this workshop is to 
provide an informal setting in which to 
exchange in-depth technical information 
with your peers. This workshop will be 
open to authors of papers in the confer¬ 
ence, as well as participants who submit 
position papers related to the workshops 
topic. This topic will be determined several 
months before the conference and a Call 
for Position papers will be announced. Past 
USENIX C++ conferences have held 


Advanced Topics Workshops on a variety of 
topics including distributed object comput¬ 
ing and implementation issues related to 
C++ language features. 

What to Submit 

Technical paper submissions must be 
received by February 13, 1996. Full papers 
should be 10 to 15 pages (around 5,000- 
6,000 words). In lieu of a full paper, 
authors may submit extended abstracts 
that discuss key ideas. Extended abstracts 
should be 5-7 pages long (about 2,500- 
3,500 words), not counting references 
and figures. The body of the extended 
abstract should be written as complete 
paragraphs. The objective of an extended 
abstract should be to convince reviewers 
that a good, solid paper and presentation 
will result. Extended abstracts are intend 
to stimulate industrial participation and to 
allow publication of very current material. 

All submissions will be judged on origi¬ 
nality, relevance, and correctness. Each 
accepted submission will be assigned a 
member of the program committee to act 
as its shepherd through the preparation of 
the final paper. The assigned member will 
act as a conduit for feedback from the 
committee to the authors. Camera-ready 
final papers are due May 7, 1996. 

Please accompany each submission by a 
cover letter stating the paper title and 
authors, along with the name of the person 
who will act as the contact to the program 
committee. Please include a surface mail 
address, daytime and evening phone 
number, and, if available, an email address 
and fax number for the contact person. 

If you would like to receive detailed 
guidelines for submission and examples 
of extended abstracts, you may telephone 
the USENIX Association office at: 
510.528.8649, 

or email to 

coots a u thors @ use nix. org 
or to the program committee chair 

schmidt@cs. wusti edu 
An electronic version of this Call for 
Papers is available on the World Wide 
Web. The URL is: http:llwww.usenix.org. 


The COOTS conference, like most con¬ 
ferences and journals, requires that papers 
not be submitted simultaneously to 
another conference or publication and 
that submitted papers not be previously 
or subsequently published elsewhere. 
Papers accompanied by non-disclosure 
agreement forms are not acceptable and 
will be returned to the author(s) unread. 
All submissions are held in the highest 
confidentiality prior to publication in the 
Proceedings, both as a matter of policy 
and in accord with the U.S. Copyright 
Act of 1976. 

Where to submit 

Please send one copy of a full paper or an 
extended abstract to the program commit¬ 
tee via one of the following methods. All 
submissions will be acknowledged. 

■ Preferred Method: email 
(Postscript or ASCII) to 

cootspapers@usenix, org 

■ Alternate Method: postal delivery to 
USENIX COOTS Conference 

c/o Dr. Douglas C. Schmidt 

Department of Computer Science 

Washington University 

Campus Box 1045 

One Brookings Drive 

St. Louis, Missouri 63130-4899 

U.S.A. 

(TEL): 314.935.7538 
(FAX): 314.935.7302 

Registration Materials 

Materials containing all details of the 
technical and tutorial programs, registra¬ 
tion fees and forms, and hotel information 
will be available beginning in April 1996. 
If you wish to receive the registration 
materials, please contact USENIX at: 

USENIX Conference Office 
22672 Lambert St., Suite 613 
Lake Forest, CA USA 92630 
Tel: 714.588.8649 
Fax: 714.588.9706 
Email: conference@usenix.org 



60 ;login: vol.2o. no. 5 


liBiMC! 




NIX Symposium on 


October 29-November 1, 1996 
Seattle, Washington, USA 


operating systems design and implementation (OSDI '96) 


Ipp6 


Pre-Announcement and Call for Papers 


Sponsored by the USENIX Association 
Co-sponsored by ACM SIGOPS (pending) and 
IEEE TCOS 

After a successful first OSDI symposium, the next OSDI 
will continue to focus on practical issues related to modern 
operating systems. OSDI brings together professionals from 
academic and industrial backgrounds, and has become the 
perfect forum for issues concerning the design and imple¬ 
mentation of operating systems for modern computing plat¬ 
forms such as workstations, parallel architectures, mobile 
computers, and high speed networks. 

The OSDI symposium emphasizes both innovative 
research and quantified experience in operating systems. We 
seek papers describing original work concerning the design, 
implementation, and use of modem operating systems. 
Besides mature work, we encourage submissions describing 
exceptionally promising, well-grounded speculative work, 
or enlightening negative results. Topics of interest include, 
but are not limited to: 

OS structure and organization 
OS kernel internals, servers and applications 
Distributed and mobile computing 
Multiprocessor and parallel systems 
Communications 

Storage Management and I/O systems 
Security in distributed systems 
Scalability and availability 
Heterogeneous systems 
Performance and optimizations 
Language support for OS 
OS interaction with HW architecture 


OS support for embedded systems 
OS support for real time and multimedia 
Interaction of OS and applications 

Program Committee 

Karin Petersen, Xerox PARC (co-chair) 

Willy Zwaenepoel, Rice University (co-chair) 

Peter Chen, University of Michigan 

Richard Draves, Microsoft Research 

Carla Ellis, Duke University 

Ed Felten, Princeton University 

Jim Gray, Microsoft Bay Area Laboratory 

Kevin Jeffay, University of North Carolina 

David Johnson, Carnegie Mellon University 

Jay Lepreau, University of Utah 

Jeff Mogul, DECWRL 

Marc Shapiro, INRIA 

John Wilkes, Hewlett-Packard Labs 

John Zahorjan, University ofWashington 

Important Dates 

Full papers due: May 7, 1996 
Notification to authors: July 30, 1996 
Revised papers due for shepherding: August 19, 1996 
Camera-ready full papers due: September 16, 1996 

Submission Process 

Authors are required to submit full papers by May 7, 1996. 
Submitted papers should be no longer than 14 pages, spaced 
no closer than standard 10 point font on 12 point baseline, 
single- or double-column format. Longer submissions will 
be discarded without review. Very similar papers must not 


USENIX", the Advanced Computing Systems Professional and Technical Association 


October 1995 ; login: 61 




have been published or submitted for publication else¬ 
where. All submissions will be held in the highest confiden¬ 
tiality prior to publication. Papers accompanied by so-called 
‘non-disclosure agreement” forms are not acceptable and 
will be returned unread. 

The papers will be judged on significance, originality, 
clarity, relevance, and correctness. The committee will favor 
papers with reproducible results, especially those supplying 
detailed data and explanations, or offering to make data sets 
or source code available. 

Accepted papers will be shepherded through an editorial 
review process by a member of the program committee. 

Authors of accepted papers will be expected to provide 
an HTML page containing the abstract and links to 
their paper, slides, and software, if available. This will be 
collected after the event for inclusion in an electronic 
version of the symposium (for an example, see 
http: Hivwiv. cs. Utah. edu/~ lepreaulosdi94/). 

Where to submit 

Submission of all papers must be made in both paper and 
electronic form. Fifteen (15) paper copies (double sided if 
possible) of the paper must be sent to: 

Willy Zwaenepoel 

Department of Computer Science, 

Rice University 

6100 S. Main St. 

Houston, TX 77005, USA 

and one electronic copy in Postscript (not ASCII) must be 
submitted by electronic mail to: osdi-papers@cs.rice.edu 

For administrative reasons (not blind reviewing), every 
submission (in both its paper and electronic form) should 
include one additional page containing: (i) paper title and 
authors, indicating any who are full time students, and (ii) 
for the author who will act as the contact to the program 
committee, his or her name, paper mail address, daytime 
and evening phone numbers, email address and fax number, 
if available. The cover sheet mailed with the electronic 
paper submission should be in ASCII to facilitate accurate 
on-line bookkeeping, and should be included in the same 
electronic mail message as the PostScript file containing the 
paper. 

All submissions will be acknowledged by May 21, 1996. 
If your submission is not acknowledged by this date, please 
contact the program chairs promptly at osdi@cs.rice.edu . 


Symposium Overview 

The symposium will consist of one day of tutorials, followed 
by 2.5 days of single-track technical sessions with presenta¬ 
tions of the refereed papers, and a half day workshop on a 
topic yet to be determined. One of the technical sessions 
will be dedicated to work-in-progress presentations and will 
be described in later announcements. The refereed papers 
will be published in the Proceedings, provided free to tech¬ 
nical session attendees and available for purchase from 
USENIX. The Proceedings may also be distributed to ACM 
SIGOPS members. Papers of particular merit will be 
selected to receive an award and will be published in the 
IEEE TCOS Bulletin. 

Registration Materials 

Materials containing all details of the technical and tutorial 
programs, registration fees and forms, and hotel information 
will be mailed in August 1996. If you wish to receive the 
registration materials, please contact: 

USENIX Conference Office 
22672 Lambert St., Suite 613 
Lake Forest, CA USA 92630 
Phone: 714 588 8649 
Fax: 714 588 9706 
Email: conference@usenix.org 
WWW URL: http://www.usenix.org. 





IEEE COMPUTER SOCIETY 


62 ; login : vol. 20. no. 5 






Pre-Announcement and Call for Participation 


( The fifth AnnuaC Conference 

on 

System Administration, 9{etzvorhing, and Security 

May 13-17,1996 

The Washington Renaissance Hotel 
Washington, D.C. 



Sponsored by The Open Systems Conference Board. 

In cooperation with The USENIX Association, SAGE, 
FedUNIX, and the Escal Institute. 

Major Themes for 1996 

• Providing tools and techniques you can use 
immediately 

• Managing change wrought by rapidly evolving 
technologies 

• Beating budget cuts with cost-effect techniques 
and solutions 

• Helping management learn the value of system 
administration and security 


Important Dates 

Extended abstracts due: November 17th, 1995 

Notification to authors: December 20th, 1995 

Camera-ready papers due: February 24th, 1995 


The annual SANS conference combines System 
Administration, Networking, and Security -- covering both 
the human and technical sides of these topics. The 1995 
SANS conference was the largest ever (with almost 700 
attendees) and featured notable speakers such as Rob 
Kolstad, Gene Spafford, Matt Bishop, Marcus Ranum, and 
Scott Charney. SANS96 is expected to be even larger and 
will include three days of in-depth, authoritative courses 
and two days of multiple parallel tracks comprising 
refereed paper presentations, invited technical 
presentations, and panel sessions. The SANS96 Spring 
conference provides a forum at which system 
administrators, network managers, and security experts 
exchange practical information, share new ideas, 
evaluate new tools and, most importantly, expand their 
network of professional contacts. 

SANS96 continues the tradition of focusing exclusively on 
practical solutions to today's administration, security and 
networking problems - providing techniques you can put 
to work immediately. This year's emphasis on cost 
effective solutions and techniques for today's shrinking 
budgets will enable you get the most out of your 
information technology dollar. SANS96 will also provide a 
unique opportunity to review the most popular 
commercial software tools and focuses on how those 
tools lower the costs of managing UNIX and client/server 


computing. Evenings will include both Birds Of a Feather 
sessions and other special events. 

The SANS program committee is seeking submissions for 
tutorials and panel sessions in addition to technical 
presentations. Tutorial topics in the past have included: 
system administration, sendmail configuration, perl 
programming, network tuning, firewalls, UNIX security, and 
UNIX security tools. Panel sessions of interest include those 
with controversial or alternative viewpoints as well as 
those that encourage enlightening discussion of relevant 
issues. 

Formally reviewed papers, presented at the conference, 
will be published in the conference proceedings and 
provided to all attendees. 

Potential Paper Topics 

• Managing high-availability environments 

• Dealing with problem users 

• Surviving in a crisis situation, especially “responding 
appropriately to crisis" 

• Selling your skills/value to your manager 

• Designing and implementing policies 

• Developing and using metrics to measure/improve 
productivity and to identify areas for automation 

• Automating bulk O/S upgrades and installations 

• Managing sites with heterogeneous systems 

• Managing data storage and file migration 

• Using innovative backup techniques for large disk 
farms 

• Managing mobile and remote sites 

• Managing and tracking hardware/software at large 
sites 

• Managing your network information server(s) 

• Managing your databases 

• Integrating UNIX systems with non-UNIX Systems 

• Providing a seamless software environment in a 
heterogeneous world 

• Protecting data with innovative techniques and 
methods 

• Securing your site as you join the Internet 

• Detecting and responding to security incidents 

• Using innovative security auditing and monitoring 
techniques 


OCTOBER 1995 ; login : 63 




• Using one-time password systems and other 
authentication techniques 

• Using Innovative methods for controlling network 
communication such as packet filters, firewalls, host- 
based filter schemes, and the new security routers 

• Performing cost effective network management 
using commercial products and/or freeware 

• Using innovative and cost-effective techniques for 
network performance testing and tuning 

• Improving network monitoring with Al (or smart filters) 

• Integrating heterogeneous network technology (e.g„ 
Ethernet, FDDI, token ring, HiPPi, ATM, and Novell) 

Abstract Submissions 

Extended abstracts for refereed papers must be 2 to 5 
pages long; 1500-2000 words is a good length. The object 
of an extended abstract is to convince the reviewers that 
a good paper and presentation will result. Final papers 
should be 8 -12 pages long. Time slots for the technical 
presentations will be 30 or 45 minutes. Please specify time 
needed. 

Your abstract should include; 

1. An author information block including the title of 
the paper, the principal author's name, address, 
email, telephone, and FAX numbers, and the 
names of the other authors. 

2. A description of the problem and its 
Importance. 

3. The solution, Including details of how it worked. If 
the work builds on emerging technology, try to 
show what the expected impact will be when 
the technology matures. If your solution is based 
on commercial hardware or software tools, 
name them. (Abstracts from software vendors 
are also welcome, and will be considered as 
part of the commercial tools track or the regular 
paper sessions, depending on their focus.) 

4. Data on the solution's effectiveness: before and 
after comparisons, evaluations, direct savings, 
trade-offs, etc. 

5. Lessons learned. 

Panel proposals should be a minimum of one page and 
should include the topic(s) and objective(s) of the panel. 
Names of potential panelist members should also be 
included. Time slots for panel sessions will be either 45 or 
90 minutes. Please specify time needed. 

Tutorial proposals should be 3 to 5 pages long and should 
include; a full outline and/or a written description of the 
tutorial, the intended audience, the level of the material 
(beginning. Intermediate or advanced), a minimum of 
two references for the author's tutorial ability and a brief 
biography (1 paragraph) for the author. Tutorials are 
either full-day (6 hours of class) or half-day (3 hours of 
class). Please specify time needed. 

Special Bonus For Those Preparing Abstracts 

Two of our program members, Rob Kolstad and Michele 
Crabb, have agreed to review your draft abstracts and 


offer suggestions. Rob and Michele's ideas can add an 
extra dimension to your paper and presentation and 
may give it more excitement and pump up it's technical 
appeal and usefulness for SANS attendees. There is no 
requirement for you to use this service, but they respond 
quickly with constructive and friendly comments. Email 
your abstract to either kolstad@bsdi.com or 
crabb@nas.nasa.gov (but not both). They'd love to hear 
from you, so feel free to take advantage of this special 
offer. 

Where To Submit 

Please send one copy of your extended abstract to the 
program committee using one of the following methods. 
All submissions will be acknowledged. 

Preferred method: email (plain ASCII text) to 
s ans@clark.net 

Alternative method: postal delivery (on paper) to 
SANS Abstracts 
4610 Tournay Road 
Bethesda, MD 20816 

Registration Materials 

Materials containing all details of the SANS96 conference 
will be mailed in January 1996. If you would like to receive 
the registration materials, please contact: 

SANS Conference Office 
4610 Tournay Road 
Bethesda, MD 20816 
Phone: 719-599-4303 
FAX: 719-599-4395 
Email: sans@clark.net 

WWW URL: http://www.nas.nasa.gov/SANS 

Conference Chair 

Rob Kolstad, Berkeley Software Design 

Conference Co-chairs 

Alan Paller, CIO Institute 

Michele Crabb, Sterling Software at NASA Ames 
Research Center 

Program Committee 

Matt Bishop, University of California at Davis 
Arnold DeLeon, Synopsys 
David Kensiski, MCI Telecommunications 
Paul Moriarty, cisco Systems 
John Stewart, cisco Systems 

Shaun Welch, Sterling Software at NASA Ames Research 
Center 

Pat Wilson, Dartmouth College 


64 ;login: vol. 20. no. 5 



A UNIQUE OFFER 
ON THE BEST IN UNIX 
FOR USENIX MEMBERS 


□ THE INTERNET 
GUIDE FOR NEW 
USERS 

D. Dern 

hardcover, 016510-6, $40.00, 
MEMBER PRICE $32.00 
paperback, 016511-4, $27.95, 
MEMBER PRICE $22.36 

□ INTERNET FOR 
EVERYONE 

R. Wiggins 

hardcover, 067018-8, $29.95, 
MEMBER PRICE $23.96 
paperback, 067019-6, $45.00, 
MEMBER PRICE $36.00 

□ THE ESSENTIAL 
INTERNET 

INFORMATION GUIDE 

J. Manger 

707905-1, paperback, $27.95, 
MEMBER PRICE $22.36 



W 20 % 

DISCOUNT FROM 
V McGRAW-iflLL 


□ THE INFORMATION 
BROKERS 
HANDBOOK, 

Second Edition 

S. Rugge 

911878-x, paperback, $34.95, 
MEMBER PRICE $27.96 
Available December 1994 

□ SAA AND UNIX: IBM’s 
Open System Strategy 
M. Killen 

034607-0, $40.00, 

MEMBER PRICE $32.00 

□ A STUDENT’S GUIDE 
TO UNIX 

H. Hahn 

025511-3, paperback, $28.00, 
MEMBER PRICE $22.40 


□ UNIX DEVELOPER’S 
TOOL KIT 

K. Leininger 

911836-4, $65.00, 

MEMBER PRICE $52.00 

□ UNIX SECURITY: 

A Practical Tutorial 

N. Arnold 

002560-6, $24.95, 

MEMBER PRICE $19.96 

□ THE UNIX AUDIT: 
Using UNIX to Audit 
UNIX 

M. Grottola 

025127-4, $32.95, 

MEMBER PRICE $26.36 

□ UNIX: A Database 
Approach 

S. Das 

015745-6, $29.95, 

MEMBER PRICE $23.96 
Available November 1994 


I am a member of USENIX Association. Please 
send me the books I have indicated at the 
member special rate. I have added $3.00 postage 
and handling for the first book ordered, $1.00 
for each additional book, plus my local sales tax. 

Check or money order is enclosed— 
payable to McGraw-Hill, Inc. 

Charge my □ Visa □ Mastercard 

□ Discover □ Amex 

Account #_ 


Expiration Datc_ 
Signal ure-,_ 


Bill 6c Ship To: 


Name, 


Street. 


City, State, Zip_ 


Daytime Phone #_ 


03US002 


USENIX Membership # 


Send or Fax Orders to: 

McGraw-Hill, Inc. 

Attn: Rosa Perez 
11 West 19th Street^4th Floor 
New York, New York 10011 
Fax: 212-337-4092 


Mi 


If I am not completely satisfied, I will return the book(s) within 15 days for a full refund or credit. Satisfaction unconditionally 
guaranteed. Prices subject to change without notics. We can only accept orders within the continental USA. 


October 1995 ;login : 65 





How To Spot A System Administrator 
Who Hasn't Read Our New Books 


Weeps uncontrollably when asked “Want to go to lunch?” 



Thinks aspirin is a food group, Speaks jibberish like “unix, 


shmunix.” 



Has a labrador retriever that goes by the 


name “Watchdog reset” 



and howls ie bark 


F eeling a little frenzied? Gee,there are only a 
zillion things on your plate at any given time. 
But take heart: Where there’s clear, hands-on 
information that helps solve your thorniest 
problems, there’s relief. That’s where our new 
system administration books come in. 

Check out the new, second edition of our classic 
Essential System Administration, updated to include 
all the latest versions of major UNIX platforms. 
Networking Personal Computers with TCP/IP gives you 
information to tackle this sometimes daunting task. 


And Using and Managing UUCP describes, in one 
volume, this popular communications and file 
transfer program. When it comes to security, we’re 
publishing two books that will be essential: Building 
Internet Firewalls and Computer Crime. Both books 
are hands-on, current, and practical. 

So, remember to take deep breathes and read the 
latest books from O’Reilly. To learn more about 
any of the books you see here, browse our online 
catalog at http://www.ora.com/ And take a little 
time off when you can. 



o 


'REILLY & ASSOCIATES 

I03A Morris Street, Sebastopol, California 95472 • fax: 707-829-0104 • Credit card orders: 800-889-8969 Weekdays 6AM-5PM PST 

For inquiries: 800-998-9938, 707-829-0515 * To request a copy of our catalog: catalog@online.ora.com 

Please refer to code ALOG when ordering. 


66 ; login: vol. 20 • no. 5 





















□ □□ 


USEN1X members receive 
a 15% discount 


The Internet Navigator, 2ed 
Paul Gilster 

1-05260-4 $24.95 member price: $21.20 
It of copies: _ 

Advanced Topics in UNIX 
Ronald Leach 

1-03663-3 $24.95 member price: $21.20 

# of copies: _ 

Introduction to Client Server Systems 
Paul Renaud 

1-57774-X $34.95 member price: $29.70 

# of copies: - 

Portable UNIX 
Douglas Topham 

1-57926-2 $14.95 member price: $12.71 

# of copies: - 

UNIX, Self-Teaching Guide 
George Leach 

1-57924-6 $19.95 member price: $16.95 

# of copies: _ 

Object Oriented Programming with Turbo C++ 
Keith Weiskamp 

1-52466-2 $24.95 member price: $21.20 

# of copies: _ 

Obfuscated C and Other Mysteries 
Don Libes 

1-57805-3 $39.95 member price: $33.96 

# of copies: - 

>•••••••••••••••■•••••••••••« 

Payment enclosed, plus sales tax 

VISA n Mastercard 
American Express 

Card No._ 

Name_ 

Firm _ 

Address_ 

City/State/Zip_ 

S ignature_ 

(order invalid unless signed 


Finding It On the Internet 
Paul Gilster 

1-03857-1 $19.95 member price $16.95 

# of copies: _ 

Internationalization: Developing Software for 
Global Markets 1-07661-9 (pub. date: 1/95) 
Tuoc Luong $29.95 member price: $25.45 

# of copies: - 

Adventures in UNIX Network Applications 

Programming 

Bill Rieken 

1-52858-7 $39.95 member price: $33.96 

# of copies: _ 

UNIX Shell Programming, 3e 
Lowell Jay Arthur 

1-59941-7 $29.95 member price: $25.45 

# of copies: _ 

The UNIX Command Reference Guide 
Kaare Christian 

1-85580-4 $32.95 member price: $28.01 

# of copies: _ 

Berkeley UNIX: A Simple & Comprehensive 
Guide 

James Wilson 

1-61582-X $40.95 member price: $34.80 

# of copies: _ 


Please stand all order s to: 


>;-• John Wii% £ Inc.:|fjj| ’ 

Attn: Ksueii Cooper, Special Sai< 
HlllllJn 605 Hind Avenue 
New York, NY 10!58 
\:: Phone: (212) $50-6789 WM 
St Fax: I (212)850-6142 £ ' 


October 1995 ;login: 6 7 

























USENIX members receive a 15% discount 
on the following MIT Press publications: 


TECHNOLOGY 2001 

The Future of Computing and Communications 

edited by Derek Leebaert 

Researchers, executives, and strategic planners front inside the 
companies and laboratories lhaf have shaped today's Information age 
Forecast the merging technologies that could well define the computing 
and communications environ men f ihol lies ahead 
392 pp $14 95 paperback LEEEP 

THE DIGITAL WORD 

Text-Based Computing in the Humanities 

edited by George P. Landow and Paul Delany 

This book explores ihe larger realm of the knowledge infrastructure 
where texts are received, reconstructed, and .sent over global networks 
Technical Communication and Information Systems series 384 pp $39 95 


GLOBAL NETWORKS 

Computers and International 
Communication 

edited by Linda A/1. Harasim 
Global Networks takes up the host of issues raised 
by I he new networking technology that now links 
individuals, groups, and organizations in different 
countries and on different continents. The twenty 
one co nth buttons focus on the implementation, 
application, and impacl of computer-mediated 
communication in □ global context, 

340 pp $29 95 hardcover HARNH 

THE NETWORK NATION 

Human Communication via Computer 
Revised Edition 

Starr Roxanne Hiitz and Murray Turoff 

"The Network Nation... contained a fascinating 
vision. . It is a place where thoughts are 
exchanged easily and democratically and intellect 
affords one more personal power than a pleasing 
appearance does. Minorities and women 
compete on equal terms with white males, and the 
elderfy and handicapped are released from the 
confines of their infirmities 1o skim the electronic 
terrain as swiFlty as anyone else." — Teresa 
Carpenter, Village Voice 
580 pp. $24 95 paperback HILWP 

THE EVOLUTION OF C++ 

Language Design in the Marketplace of 
Ideas 

edited by Jim Waldo 

This collection of articles traces the history of C++, 
from its Infancy in the Santa Fe workshop, to its 
proliferation today as the most popular object- 
oriented language for microcomputers. Waldo 
notes in his postscript that in the process of 
evolving, the language has lost a dearly artier 
I a ted, generally accepted design center, with no 
common agreement about what il should or should 
not do in the future, 

279 pp $24 95 paperback WALEP 


SOCIOMEDIA 


Multimedia, Hypermedia, and the Social 
Construction at Knowledge 

edited by Edward Barrett 

Sodomedia continues the assessment of hypertext and hypermedia 
systems begun in Tex! Con Text, and HyperText and The Sacte/y of 
Text. It examines ihe use of integrated multimedia to support social or 
collaborative research, learning, and instruction in the university, one of 
(he besl environrrtents for developing and analyzing ihe effects of 
com pul mg technologies on our understanding oF complex sets of 
information 

Technical Communications and Information Series 360 pp $50 00 hardcover 
BARRH 


CONNECTIONS 

New Ways of Working in the Networked 
Organization 

tee Sproull and Sara Kiesler 

Sproull and Kiesler raise andol questions abaui our technical and 
parlicularly our human strategies os a producing society." 

— Howard Webber, Sfoan Management Review 

228 pp $21 95 paperback SPRCP 

TECHNOBABBLE 

John A. Barry 

"A serious study of the language of the new technocracy." 

— William Safi re, The New York Times Magazine 
288 pp $1 2 50 paperback BARCP 


Payment enclosed | | Purchase Order Attached Charge to my: _ Master Card | | VISA 

i # exp. Signature 

_Total for book)s) 

3.GO_Postage for North American addresses 

_Canadian customers add 7 % GST 

_Total for book(s] & postage 


Make checks payable 
and send order lo: 

THE MIT PRESS 

55 Hayward Street, Cambridge, MA 

02142-1399 USA 

To order by phone, call 

(617)625-8569 

or 1800) 3560343. E-mail order 

# milptess-orders@mit.edu. The 

operator will need this code: UNIX!. 


Name 

Address 


68 ;login : voi. 20 • no. 5 



D582 


Prentice Hall PTR is pleased to recommend 
the following titles to USENIX members... 



_UNIX System Administration Handbook, Second Edition, 

Evi Nemeth/Garth Snyder, 0-13-151051-7 
(15105-0) List: $48.00 Members: $40.80 


_Object-Oriented Modeling and Design, 

James Rumbaugh, 0-13-629841-9 

(62984-0) List: $54.00 Members: $45.90 

_Zen and the Art of the Internet, Third Edition, 

Brendan Kehoe, 0-13-121492-6 

(12149-1) List: $23.95 Members: $20.36 

_The Magic Garden Explained, Bernard Goodheart/ 

James Cox, 0-13-098138-9 

(09813-7) List: $38.00 Members: $32.30 

_Internetworking with TCP/IP, Vol. II Design, 

Implementation, and Internals, Douglas E. Comer/ 

David L. Stevens, 0-13-472242-6 

(47224-1) List: $61.33 Members: $52.13 

_SCO Performance Tuning Handbook, Gina 

Miscovich/David Simons, 0-13-102690-9 
(10269-9) List: $42.00 Members: $35.70 


.Internetworking with TCP/IP, VoL III Client Server 
Programming and Applications For the AT&T TLI 
Version, Douglas E. Comer and David L. Stevens, 
0-13-474230-3 

(47423-9) List: $53.00 Members: $45.05 

The Internet Message: Closing the Book with Electronic 

Mail, Marshall T. Rose, 0-13-092941-7 

(09294-0) List: $50.00 Members: $42.50 

The Standard C Library, PJ Plauger, 0-13-131509-9 
(13150-8) List: $37.80 Members: $32.13 

All About Administering the NIS+, Second Edition 

Rick Ramsey, 0-13-309576-2 

(30957-5) List: $42.00 Members: $35.70 


_Networking Operations on UNIX SVR4, 

Mike Padavano, 0-13-613555-2 

(61355-4) List: $50.00 Members: $42.50 

_Solaris Porting Guide, SunSoft ISV Engineering 

0-13-030396-8 

(03039-5) List: $52.00 Members: $44.20 

_Multiprocessor System Architectures, Ben Catanzaro 

0-13-089137-1 

(08913-6) List: $44.00 Members: $37.40 


The Simple Book: An Introduction to Internet Management 

Marshall T. Rose, 0-13-177254-6 

(17725-3) List: $55.00 Members: $46.75 


.Object-Oriented Programming, Peter Coad/ 

Jill Nicola, 0-13-032616-X 

(03261-5) List: $48.00 Members: $40.80 

Internetworking with TCP/IP, Vol. Ill Client Server 
Programming and Applications for the BSD Socket 
Version, Douglas E. Comer and David L. Stevens, 
0-13-474222-2 

(47422-1) List: $53.00 Members: $45.05 


The HP-UX System Administrator's "How To" Book 

Marty Poniatowski, 0-13-099821-4 

(09982-0) List: $32.00 Members: $27.20 

UNIX System V Performance Management, Edited by 
Phyllis Eve Bregman and Sally A. Browning 
0-13-016429-1 

(01642-8) List: $29.95 Members: $25.45 

SCO® UNIX® Operating System System Administrator's 
Guide, Santa Cruz Operation, 0-13-012568-7 
(01256-7) List: $39.00 Members: $33.15 


HER 

CALL 

800 - 880-6818 


'S HOW TO ORDER: 

OR WRITE: 

CompuBooks 
Route 1, Box 271-D, 
Cedar Creek, TX 78612 

SHIP ANYWHERE! 


OR INTERNET: 

70007.1333@CompuServe.com 
(GO CBK on CompuServe) 


FOR MORE INFORMATION, OR QUANTITY ORDERS, PLEASE CALL 201-592-2657 













Next Stop- 
Saii Francisco! 




y 



1 

/ 

/W 


\ 

jt 

if 


PI 


Plan now to be in San Francisco for UniForum '96 — 
a premier enterprise computing event showcasing 
Business Solutions across heterogeneous platforms 
to meet today's real world computing requirements. 


33 UniForum ’96 

The Official Conference and Exposition for Open Computing Solutions. 

Conference: February 12-16, 1996 • Exposition: February 14-16,1996 
Moscone Center • San Francisco, California 

Sponsored by UniForum, The International Association of Open Systems Professionals. 

Managed by The Interface Group, producer of COMDEX. 


(D1995 The Interface Group • 300 First Avenue, Needham, MA 02194-2722 USA • (617) 449-6600 


UN7219 2/95 


70 ;login\ vol . 20 . no . 5 








Establishing a 
World-Wide Web Server 

A SyirHmB Admlnlilrelon Guide 


©UniForum 


About the Author: 

Michael Harrington is the 
systems administrator of the 
orthopaedic Biomechanics 
Laboratory at Beth Israel Hospital 
in Boston, Massachusetts. He is 
also a member of the UniForum 
Technical Steering Committee. 

He has more than eight years 
experience managing UNIX, 
Macintosh and PC networks. 

He has managed his own WWW 
server since 1993. 



A Brand New Guide from UniForum 


Establishing a 
World-Wide Web Server 

A Systems Administrator’s Guide 

As Web sites proliferate throughout the world, and as users are demanding more 
functionality, the need for systems administrators to understand and manage World-Wide 
Web servers has never been greater. 

Establishing a World-Wide Web Server is a book that comes along at just the right 
time. There is no hotter application on the Internet than the World-Wide Web (WWW), 
and as it continues its explosive growth, it is up to systems administrators to understand 
and manage the demands of users. This Guide helps the administrator set up and 
administer a WWW server properly. The Guide is directed toward the novice system 
administrator and to those who take on the sys admin role in the course of their regular 
jobs. 

Establishing a World-Wide Web Server is written in a logical sequence that first 
introduces the reader to the place the WWW has in the world of the Internet. It then 
covers the technical issues including a clear description of HyperText Transfer Protocol 
(HTTP), with sections on several different HTTP servers. Subsequent chapters cover 
Uniform Resource Locators (URL), HyperText Mark-up Language (HTML) and a series 
of chapters on building and maintaining a WWW server. 

Establishing a World-Wide Web Server is thorough, easy-to-read, and completely 
up-to-date. 


Establishing a World-Wide Web Server 

Table of Contents: 


All General Members of UniForum will receive a copy of 
Establishing a World-Wide Web Server as part of their 
membership benefits. 

Copies are available to all UniFonim General and Trial Members 
at substantial discounts: 


■ Introduction: The WWW and the Internet 

■ Technical Issues of the WWW 

■ URL 

■ HTML 

■ Forms 

■ Imagemaps 

■ Converters/Editors 

■ HTML+ 


QUANTITY _ MEMBER PRICE TRIAL MEMBER PRICE 

I- 10 copies $10.00 $25.00 

II- 49 copies $8.00 $20.00 

50 copies or more $7.00 $17.00 


Plus shipping and handling 


Shipping & Handling Charges 

US/Canada/Mexico 

International 

If your mechandise total is... 

Add... 

Add... 

UP to $25.00 

$5.00 

$7.50 

$25.01 to 50.00 

7.00 

9.50 

$50.01 to 75.00 

9.00 

11.50 

$75.01 or more 

11.00 

13.50 


I Security Issues 
I Maintaining a WWW Server 

I Defining the Team Needed to Support the WWW 
Server 

Let’s Build a WWW Server 
The Future 

Glossary and Appendices 


To order, please call UniForum today at 1 -800-255-5620, or (408) 986- 
8840. Have your Visa, MasterCard, Discover or American Express Card 
ready for fastest order processing. Orders may be sent to UniForum. 
Please send checks or money orders (US dollars only; California 
residents please add applicable sales tax), to: 

UniForum 
WWW Server 

2901 Tasman Drive, Suite 205 
Santa Clara, CA 95054-1100 


©UniForum 

The International Association of Open Systems Professionals 


9506201 



UniForum is a registered trademark of The UniForum Association. 







Uni Forum 



OPEN SYSTEIt 


What is Open Systems and where can you find 
the information you need to keep up in today’s 
competitive open systems environment? 

Find out by joining UniForum: 

The international Association of Open Systems Professionals. 


The Advantages of Membership: 

Your annual membership is a resource treasure chest. Among the many valuable 
benefits you’ll receive are: 

■ UniForum Monthly : The Magazine for Open Systems Professionals 

■ UniNews - the authoritative voice of UniForum - now on-line 

M The Open Systems Products Directory - comprehensive, accurate, indispensable 
ft Reduced fees at all UniForum conferences and seminars 
V Technical and Standards publications: timely, reliable and useful 

■ Discounts on many outstanding industry publications 

■ Discounts on leading commercial hardware and software products 

■ Discounts on courses offered by leading training organizations 

■ Discounts on exclusive new shareware selections 

■ Services such as discounts on car rentals, travel and mail list rentals 

1 Eligibility to serve on UniForum committees and the Board of Directors 


UNIFORUM MEMBERSHIP APPLICATION FORM (pleaseprint) 

Name MR/MS 



Company 
Address 
Mail Stop 
City 
Country 

E-mail (where we will send UniNews) 

General Membership** $125 

Includes UniForum Monthly magazine, UniNews electronic newsletter, Open Systems Products Directory, 
technical publications, recruitment advertising service, and discounts on: UniForum conference registration 
and shareware CD-ROMs, purchases of software and hardware, educational seminars and special classes, 
additional UniForum publications and other industry publications, computer books, CD-ROMs and training 
services. 

** Overseas postage: 

air $100 or surface $60 (no additional postage necessary for Canada, Mexico or Puerto Rico) $_ 

TOTAL AMOUNT ENCLOSED $ -- 

Method of Payment: 

Select one: □ Check payable to UniForum * □ Money Order In US Dollars 

□ MasterCard □ Visa □ American Express 



Credit card number Expiration date _ 

Signature _ _ _ __ 

♦Payments must be included in U.S, dollars. All checks must be drawn on a U.S. bank. Credit card orders can be accepted by telephone. 

♦♦Overseas surface delivery takes up to six weeks. 

Send application and payment to: UniForum, 2901 Tasman Drive, Suite 205, Santa Clara, CA 95054-1100 
Tel: (408) 986-8840 (800) 255-5620 Fax: (408) 986-1645 


The International Association o( Open S/stems Professionals 



There’s Never 
Been a Better 
Time for an 
Outstanding 
Value 

As the unstoppable 
move to open systems 
gathers even more 
momentum you need 
strong and 
independent 
association that can 
help you achieve youi 
professional goals. 

An association that ci 
magnify your voice, 
which can educate, 
inform and inspire. 
You need and deservi 
an association that 
provides value for yo 
money. In short you 
need UniForum. 
With a value this goo 
the real question mig 
be, “Can you afford t 
be without it?” 

Join today! 


Prices subject to change without notice Contact UniForum for discounts and shipping and handling charges on bulk orders. 
UniForum is a registered trademark of UniForum UNIX is a registered trademark in the United Slates and other countries, 
licensed exclusively through X/Open Company Limited 







Turbo Charging the OS 


1994 


1995 


1996 


1997 



•Performance 1 
IBM 

Unencumbered 
release of the 
microkernel to the 
research 
community 


Performanc 

Conformanc 

Digital 

HP 


I ADI.2 t 

I 2Q94 1 


•Scalability 

Honeywell 


I 3Q95 


Real Time 

NSWC 

Honeywell 

Digital 

IBM 


I 1Q96 1 


•Scalability 

•Performance 

•Real-Time 


Hama/ 

Rnlaaso 

Dale 

' Capability 
Uwirs gf 
relfifiabd 
ledintilogy 


•Scalability 

•Performance 

IBM 


•High Assurance 
•Performance 
•Layered 
•Object Oriented 
TIS 


( MK9 

WKIO .^ 

IQ97 ” 

1990 

•Scalability 
•Performance 
• Distributed Real-Time 
•High Assurance 
•Application of formal methods 
•Fault Handling 
•Configurability 


J MKt+11 ^ 

"| 4Q95 

•Deliverables for 
formal evaluation 


DATE: Tue. 5 Sep 1 995 9:0 1 :00 

FROM: Open Software Foundation Research Institute <jcmar@osf.org> 

TO: Really Good Software Engineers 

SUBJECT: Cool, Exciting Career Opportunities 

The Open Software Foundation has positions open in the Research Institute for engineers interested in working on advanced 
development/research operating system problems. Topics include distributed single system image Unix and Mach, high 
performance, real-time, fault tolerance, trust, etc. Projects take place both in a Mach microkernel written in C and a 
completely new implementation written in C+ + , developed completely at OSF/Rl, with high assurance, evaluatable at a B3 
security level, and lots of other cool features. 

There is also a position available for those interested in quality assurance problems. The Research Institute would like to 
construct a partially or wholly-automated test environment that can be used by ordinary engineers as well as QA specialists. 
We’re not just interested in engineers who can run tests, but those who can think about the larger problem of how to test 
large pieces of software in an efficient way. 

The Research Institute works closely with leading universities, cutting edge companies, and government institutions to 
develop high performance improvements to the Mach operating system kernel among other projects. 

For more information about opportunities with OSF in Cambridge, MA, send your resume to: Open Software Foundation, 
J.C. Mar, Human Resources, 11 Cambridge Center, Cambridge, MA02I42 or EMail: jcmar@osf.org 
For more information on OSF, look for OSF on the World Wide Web at: http://riwww.osf.org:800/ 

'ijqra Reseach Institute 


October 1995 ;login: 73 




JL 


7th Annual 


FedUNIX’95 


TM 


Including 


t/ UNIX Network Security 
Conference 

✓ Open Data Warehousing 
Conference 

✓ Motif '95 

The 5th Annual Motif/X/CDE 
International Users Conference 

✓ The 2nd Annual Linux 
International Users’ & 
Developers’ Conference 

✓ The Essential Internet 
Conference: including 
World Wide Web, Browsers, Mosaic 


%/ The Open Client/Server 
Solutions Conference 

✓ Creating the Electronic 
Enterprise —FREE Conference 

✓ Mobile Computing 

FREE Conference Sessions 

✓ The 26 Best Tutorials & 
Highest Rated Instructors: 

including UNIX, Internet, C/S, Admin, 
Security, X-Windows, Motif, CDE & more 

✓ Fourth Annual Federal 
Leadership Awards sponsored 
by Government Executive Magazine 


Trade Show 

featuring over 125 exhibitors 


Please Send Me: 


□ Exhibitor Information 

□ Conference Information □ Federal Leadership Awards 

□ Tutorial Information □ Exposition Information 


OPEN SYSTEMS WORLD 
♦ FedUNIX ’95 ♦ 


Conference: 

Nov. 13-17, 1995 

Exhibition: 

Nov. 15-16, 1995 

Washington Convention Center 
Washington, D.C. 

FOR INFORMATION CALL 
301-596-8800 


Organization 


Telephone 


Return to: 

OPEN SYSTEMS WORLD 

10440 Shaker Drive, Suite 203 
Columbia, MD 21046 
FAX: 301-596-8803 
Email: oswinfo@mcsp.com 
or look at the complete conference on our home page: 
URL:bttp://www. nncsp.com/OSW-FedU NIX.html 


Conferences/Tutorials 

Mon. Nov. I3-Fri. Nov. 17 

Exhibition 

Wed. Nov. 15-Thurs. Nov. 16 


Washington 
Convention Center 
Washington, D.C. 

Call 

301-596-8800 

for more information 
Email: oswinfo@mcsp.com 

















PROCEEDINGS 


Please enter my one-year subscription* to the 1995 USENIX Conferences and Symposia Proceedings,which includes: 

New Orleans Technical Conference - January 1995 
Mobile and Location-Independent Computing Symposium - April 1995 
Fifth USENIX UNIX Security Symposium - June 1995 
Conference on Object-Oriented Technologies (COOTS) - June 1995 
Tcl/Tk Workshop - July 1995 

Workshop on Electronic Commerce - Publication date TBA 
Systems Administration (LISA ’95) Conference - September 1995 


*NGTE: 

Corporate, Educational and Supporting Members of 
USENIX autojnatically receive a subscription to all 
proceedings published during their term of 
membership* which may overlap with this offer. 


COST: USENIX members: $120.00 
Non-members: $160.00 

Outside U.S.A. and Canada? 

Add $30.00 for surface postage. 


Subscription Cost 
Calif. Sales Tax 
Overseas Postage 


TOTAL ENCLOSED 




Address _ 

City ____ St ate/Country______ Zip/Postal Code 


Please mail this order form to: USENIX Association 

2560 Ninth Street, Suite 215 
Berkeley, CA 94710 
510/528-8649 
FAX 510/548-5738 
office@usenix.org 

The proceedings are shipped the week following the event. 


This offer is good through 
December 31,1995 


October 1995 ;login: 75 








LOCAL USER GROUPS 


The Association will support local 
user groups by doing a mailing to 
assist in the formation of a new 
group and publishing information 
on local groups in ;login:. At least 
one member of the group must be a 
current member of the Association. 
Send additions and corrections to: 

< login@usenix. org>. 

California 

Fresno: 

The Central California UNIX Users 
Group has a WWW contact page to 
which members may post ques¬ 
tions or information. For connec¬ 
tion information: 

• Steve Mitchell 
209 278 5675 

<http:flwarpig.cati.csufresno.edul 

ccuuglccuug.html> 

Orange County: 

Meets the 2nd Monday of each 
month 

• UNIX Users Association of South¬ 
ern California 

Dave Close 
714 434 7359 

<dhclose@alumni.caltech. edu> 

New Horizons Computer 

Learning Center 

1231 E. Dyer Rd., Suite 140 

Santa Ana, CA 92705 

714 438 9440 

Colorado 

Boulder: 

Meets monthly at different sites; for 
membership information and meet¬ 
ing schedule, send email to 
< fruug-info@fruug.org >. 

• Front Range UNIX Users Group 
Lone Eagle Systems Inc. 

636 Arapahoe #10 
Boulder, CO 80302 
Steve Gaede 
303 444 9114 
<gaede@fruug.org> 
<http:Ifwww.fruug . orgf~fruug> 


Washington, D.C. 

Meets 2nd Tuesday of each month. 

• Washington Area UNIX Users 
Group 

10440 Shaker Drive, Suite 103 
Columbia, MD 21046 
Alan Fedder 
301 621 5500 
<afedder@mcsp. com> 

Florida 

Coral Springs: 

• S. Shaw McQuinn 
305 344 8686 

8557 W. Sample Road 
Coral Springs, FL 33065 

Melbourne: 

Meets the 3rd Monday of every 
month. 

• Space Coast UNIX User’s Group 
Steve Lindsey 

407 242 4766 
<lindsey@vnet.ibm.com> 

Orlando: 

Meets the 3rd Thursday of each 
month. 

• Central Florida UNIX Users Group 
Mikel Manitius 

407 384 4644 

<mikel. manitius@east. sun.com> 

Western: 

Meets 1st Thursday of each month. 

• Florida West Coast UNIX Users 
Group 

Mike Delucia 
813 882 0770 
<pfl @cftnet.com> 


Georgia 

Atlanta: 

Meets on the 1st Monday of each 
month in White Hall, Emory Univer¬ 
sity. 

• Atlanta UNIX Users Group 
P.O. Box 12241 
Atlanta, GA 30355 2241 
Mark Landry 404 365 8108 


Kansas or Missouri 

Meets on 2nd Tuesday of each month. 

• Kansas City UNIX Users Group 
(KCUUG) 

RO. Box 412622 
Kansas City, MO 64141 
816 891 1093 
<richj@northcs.cps.com> 

Michigan 

Detroit/Ann Arbor: 

Meets on the 2nd Thursday of each 
month in Ann Arbor. 

• Southeastern Michigan Sun Local Users 
Group and Nameless UNIX Users Group 
Steve Simmons’ office: 313 769 4086 
home: 313 426 8981 
<scs@lokkur.dexter.mi. us> 

Minnesota 

Minneapolis/St. Paul: 

Meets the 1st Wednesday of each month. 

• UNIX Users of Minnesota 
17130 Jordan Court 
Lakeville, MN 55044 
Robert A. Monio 

612 220 2427 

<pnessutt@dmshq.mn. org> 

Missouri 

St. Louis: 

• St. Louis UNIX Users Group 

P.O. Box 2182 St. Louis, MO 63158 
Terry Linhardt 
314 772 4762 
<uunet!jgaltstl!terry> 

Nebraska 

Omaha: 

Meets monthly. 

• /usr/group/nebraska 
P.O. Box 31012 
Omaha, NE 68132 
Phillip Allendorfer 
402 423 1400 


76 ;login : vol. 20 • no. 5 



New England 

Northern: 

Meets monthly at different sites. 

• Peter Schmitt 603 646 2085 
Kiewit Computation Center 
Dartmouth College 
Hanover, NH 03755 

<peter. schmitt@dartmouth. edu > 

New Mexico 

Albuquerque: 

ASIGUNIX meets every 3rd 
Wednesday of each month. 

• Phil Hortz 505 275 0466. 

New York 

New York City: 

Meets every other month in 
Manhattan. 

• Unigroup of New York City 
G.P.O. Box 1931 

New York, NY 10116 
<uniboard@unigroup.org> 

J. P. Radley 212 877 0440 

Oklahoma 

Tulsa: 

Meets 2nd Wednesday of each month. 

• Tulsa UNIX Users Group, $USR Bill 
Hunt 918 494-4848 
<bhunt@tulsix.utulsa.edu> 

Mark Lawrence 918 749 7498 
<lawrence@tulsix. utulsa.edu> 

Texas 

Austin: 

Meets 3rd Thursday of each month. 

• Capital Area Central Texas UNIX 
Society (CACTUS) 

P.O. Box 9786 
Austin, TX 78766-9786 
Ronald S. Woan 
512 838 1254 
<president@cactus.org> 
<http:llcactus.org> 

Dallas/Fort Worth: 

Meets the 1st Thursday of each 
month. 

Dallas/Fort Worth UNIX Users Group 

P.O. Box 867405 

Plano, TX 75086 

Evan Brown 214 519 3577 

<evbrown@dsccc. com> 


Houston: 

Meets 3rd Tuesday of each month. 

• Houston UNIX Users Group 
(Hounix) answering machine 
713 684 6590 

Jack Gilbert, President 
713 862 3637 
<jack@hounix.org> 

Washington 

Seattle: 

Meets monthly. 

• Seattle UNIX Group Membership 
Bill Campbell 206 947 5591 
6641 East Mercer 

Mercer Island, WA 98040-0820 
<bill@celestialcom> 

Canada 

Manitoba: 

Meets 2nd Tuesday of each month. 

• Manitoba UNIX User Group 
(MUUG)P.O. Box 130 

St. Boniface Winnipeg, 

MB R2H 3B4 
Bary Finch, President 
204 9341690 
<info@muug.mb.ca> 

Ottawa: 

• The Ottawa Carleton UNIX Users 
Group 

David J. Blackwood 
613 957 9305 
<dave@revcan.ca> 

Toronto: 

•143 Baronwood Court 
Brampton, Ontario 
Canada L6V 3H8 
Evan Leibovitch 
416 452 0504 
<evan@telly.on.ca> 

Quebec: 

Meets first Wednesday every 3rd 
month. 

• Administrateurs de Systeme 
UNIX du Quebec (ASUQ) 
University de Montreal, 

Dept. IRO 

C.P. 6128, Succ. Centre-Ville 
Montreal, Quebec, Canada, 

H3C 3J7 
514 343 7480 

<asuq@iro. umontreal. com> 


LOCAL USER GROUPS 

System Administration 
Groups 

Back Bay LISA (BBUSA) 

New England forum covering all aspects of 
system and network administration, for large 
and small installations. Meets monthly, at MIT 
in Cambridge, MA. 

For information, contact: 

•J. R. Oldroyd 617 227 5635 
<jr@opaLcom> 

• Mailing list subscription: 
<bblisa-request@bblisa.org> 

• Mailing list postings: 

<bblisa@bblisa.org> 

• For current calendar of events: 
finger <bblisa@finger.bblisa.org> 

Bay LISA (California) 

Meets 3rd Thursday of each month at Synop- 
sys in Mountain View, CA For more informa¬ 
tion, please contact: <blw@baylisa.org> or 
<http:llwww.baylisa.org> 

$GROUPNAME (New Jersey) 

SGROUPNAME is an organization in New Jer¬ 
sey formed to facilitate information exchange 
pertaining to the field of UNIX system admin¬ 
istration. For more information, send 
“infogroupname” to <majordomo@plts.org> 
Tom Limoncelli <tal@big.att.com> 

New York Systems 
Administrators (NYSA) 

Meets 2nd Monday of each month. 

• <nysa-request@esm.com> 

914 472 3635 or 472 3635 

North Carolina System 
Administrators Group 

The North Carolina System Administrators 
Group meets on the 2nd Monday each month 
in the Research Triangle Park area. 

• Amy Kreiling 919 962 1843 
<kreiling@cs.unc.edu> 

• William E. Howell 919 941 4868 
<william_howell@glaxo. com> 


October 1995 ;logiii: 77 


ACM: 

Association for Computing Machinery 

AFUU: 

Association of French UNIX Users 

A5PLOS: 

Architectural Support for Programming 
Languages and Operating Systems 

AUUG: 

Australian UNIX Systems Users Group 

COOTS: 

Conference on Object-Oriented 
Technologies and Systems 

DECUS: 

Digital Equipment Computer Users Society 

EurOpen: 

European Forum for Open Systems 

GURU: 

Romanian UNIX User Group 

GUUG: 

German UNIX Users Group 

IEEE: Institute of Electrical and 
Electronics Engineers 

IETF: 

Internet Engineering Task Force 

Interex: 

International Association of 
Hewlett-Packard Computer Users 

JUS: 

Japan UNIX Society 

USA: 

USENIX/SAGE Systems Administration 
Conference 

OOPSLA: 

Object-oriented Programming 
Systems, Languages and Applications 

OSDI: 

Symposium on Operating Systems 
Design & Implementation 

ROSE: 

Open Systems in Romania 

SANS: 

System Administration, Networking 
& Security 

5IGPLAN: 

ACM Special Interest Group on 
Programming Languages 

SIGSOFT: 

ACM Special Interest Group on 
Software Engineering 

SOSP: 

ACM Symposium on Operating Systems 
Principles 

SUG: 

Sun User Group 

SUUG: 

Society of Russia UNIX Users Group 

UKUUG: 

United Kingdom UNIX Systems 
Users Group 

UniForum: 

International Association of 

UNIX and Open Systems Professionals 

WITI: 

International Network of 
Women in Technology 

78 ; logirt : vol. 20 . no. 5 


CALENDAR OF EVENTS 


This is a combined calendar of conferences, symposia, and stan¬ 
dards meetings. If you have a event that you wish to publicize, 
please contact <login@usenix.org >. 

* = events sponsored by the usenix Association. 


1995 

October 

16-20 IEEE 1003 

12-15 ACM SIGSOFT‘95, 

Washington, DC 

15-19 OOPSLA ‘95, Austin, TX 
25-28 IEEE Parallel & Distributed 
Processing, San Antonio, TX 
25-26 EuiOpen, Publishing on Internet, 
Stockholm, Sweden 

November 

1 - 4 ROSE ‘95, Bucharest, Romania 

2 - 8 DECUS, San Francisco, CA 
6-10 Interop + NetWorld, Paris, France 

12- 15 SUG, Computers and the Law, 

Tampla, FT 

13- 17 Open Systems World/FedUNIX 

Washington, DC 

December 

2- 7 DECUS, San Francisco, CA 

3- 6 SOSP, Colorado 

3- 8 ACM/IEEE-CS Supercomput¬ 

ing ‘95, San Diego, CA 

4- 8 IETF, Dallas, TX 

6-8 JUS UNIX Fair, Yokohama, Japan 
11-14 4th World Wide Web 

Conference, Boston, MA 
19 - 20 UKUUG, York, UK 

1996 

January 

22-26 * USENIX, San Diego, CA 

February 

14- 16 UniForum, San Francisco, CA 

March 

4- 8 IETF, Los Angeles, CA 

April 

3-4 Interop+NetWorld, Las Vegas, NV 

May 

5- 10 IEEE Symposium on Research 

and Privacy, Oakland, CA 
13-17 SANS V, Washington, DC 
18-24 DECUS, Orlando, FL 


June 

1 - 6 DECUS, ‘96 St. Louis, MO 

17- 21* COOTS II, Toronto, Canada 

July 

10 -13 * Tcl/Tk, Monterey, CA 

22 -25 * 6th UNIX Security, San Jose, CA 

August 

4 - 9 SIGGRAPH, New Orleans, LA 

5 - 9 Interex ‘96, San Diego, CA 

September 

30- 

Oct 4* LISA ‘96, Chicago, IL 

AUUG, Melbourne, Australia 

October 

1-4 ASPLOS, Cambridge, MA 

6-11 OOPSLA ‘96, San Jose, CA 
8-10 UNIX Expo, New York City 
29- 

Nov 1* OSDI II, Seattle, WA 

November 

4-8 Open Systems World, FedUNIX 
9 -14 DECUS, Anaheim, CA 

18- 22 ACM IEEE-CS Supercomputing ‘96, 

Pittsburgh, PA 

1997 

January 

6 -10 * USENIX, Anaheim, CA 

March 

12-14 UniForum, San Francisco, CA 

October 

27 - 31*LISA ‘97, San Diego, CA 

1998 

June 

15-19 * USENIX, New Orleans, LA 

December 

7 - 11 * USA ‘98, Boston, MA 



USE NIX 1996 Technical Conference 

January 22-26,1996 

San Diego Marriott Hotel and Marina 

San Diego, California 

Sponsored by the USENIX, the UNIX® and Advanced Computing Systems 
Professional and Technical Association 



■ System administration 

■ Web administration 

■ Network management 

■ Performance measurement 

■ Benchmarking 

■ System and network security 

■ Firewalls 

■ Privacy 

■ Cryptography 

■ Java 

■ Linux 

■ Distributed computing: DCE, 
DFS, RPC, CORBA 

* Kernel internals: 4.4BSD, 
FreeBSD, Plan9, Spring 


■ Videoconferencing 

■ Portability and interoperability 

■ DNS 

■ GUI technologies and builders 

■ File systems 

■ Operating Systems 

■ Networked Collaborative 
Environments 

■ Making money with free software 

■ Re-engineering the Fortune 500 

■ Governance of the Internet 

■ Tcl/Tk 


i 

Over 70 tutorials, refereed paper presentations, invited talks, BoFs and 
Guru-is-in sessions offered by top experts with hands-on experience. 
Free admission to the Vendor Displays. 



Technical Conference 


Please send: □ a free conference catalog □ information about exhibiting 
□ a FREE entry form for the Vendor Display 


Name 


Company 


Address 


City State Zip 


Phone Fax Email 

Postal Mail: USENIX, 22672 Lambert St., Suite 613, Lake Forest, CA 92630 

Phone: 714 588 8649 

Fax: 714 588 9706 

Email: conference@usenix.org 

WWW: http://www.usenix.org 

UNIX is a registered trademark in the United States and other countries, licensed exclusively 
through X/Open Company Limited 


















SECOND CLASS POSTAGE 

PAID 

AT BERKELEY, CALIFORNIA 
AND ADDITIONAL OFFICES 


USENIX Association 
2560 Ninth Street 
Suite 215 

Berkeley, CA 94710 


POSTMASTER: 

SEND ADDRESS CHANGES 
TO ;login: 

USENIX ASSOCIATION 
2560 NINTH STREET 
SUITE 215 

BERKELEY, CA 94710 


Reserve your exhibit space today 


at the USENIX Technical Conference Vendor Display. 


January 22-26,1996 
San Diego Marriott Hotel 
San Diego, California 

3 Easy Ways for More Information: 

1. Phone: 510 528-8649 

2. Fax: 510 548-5738 

3. Email: display@usenix.org 






